US20110302415A1 - Securing customer virtual machines in a multi-tenant cloud - Google Patents

Securing customer virtual machines in a multi-tenant cloud Download PDF

Info

Publication number
US20110302415A1
US20110302415A1 US13/045,212 US201113045212A US2011302415A1 US 20110302415 A1 US20110302415 A1 US 20110302415A1 US 201113045212 A US201113045212 A US 201113045212A US 2011302415 A1 US2011302415 A1 US 2011302415A1
Authority
US
United States
Prior art keywords
virtual machine
key
server computer
customer
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/045,212
Other versions
US8909928B2 (en
Inventor
Irfan AHMAD
Mukund GUNTI
Abhishek CHATURVEDI
Vladimir Kiriansky
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VMware LLC
Original Assignee
VMware LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by VMware LLC filed Critical VMware LLC
Priority to US13/045,212 priority Critical patent/US8909928B2/en
Publication of US20110302415A1 publication Critical patent/US20110302415A1/en
Application granted granted Critical
Publication of US8909928B2 publication Critical patent/US8909928B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Definitions

  • One or more embodiments of the present invention provide a trusted virtualization platform as a way of securing customer virtual machines in a multi-tenant cloud computing center.
  • the trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines.
  • customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data.
  • customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.
  • a method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores includes the steps of configuring a server computer with a trusted platform module, installing a trusted software stack on the server computer, measuring a static property of the software stack and storing the measurement, transmitting the measurement to an external entity and, in response thereto, receiving from the external entity a key for running a virtual machine on top of the trusted software stack, and running the virtual machine on top of the trusted software stack using the key.
  • a method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores includes the steps of receiving a request for a key to run a virtual machine on a server computer configured with a trusted platform module, the key request including a customer ID associated with the virtual machine, requesting the server computer for static property measurements of a software stack on top which the virtual machine will be run and, in response thereto, receiving the static property measurements, and confirming from the static property measurements that the software stack is a trusted software stack and, after said confirming, transmitting to the server computer the key to run the virtual machine on the server computer.
  • the method further comprises the steps of receiving a public key of the trusted platform module from the server computer, and searching for the public key in an inventory associated with the multi-tenant data center, wherein the key to run the virtual machine on the server computer is transmitted to the server computer after it is confirmed that the public key has been found in the inventory associated with the multi-tenant data center.
  • a multi-tenant data center that provides security to customer data includes a plurality of server computers, each of which is configured with a trusted platform module and a trusted virtualization platform having one or more software layers on top of which a customer application is to be executed, and a persistent storage system coupled to the server computers, in which files for launching the customer application, such as the customer's virtual machine, are stored, the files including an encrypted portion and a plain text portion that identifies the customer and a network location associated with the customer.
  • the trusted virtualization platform is programmed to perform an audit and report any changes to the trusted virtualization platform to the network location associated with the customer. Once it has been confirmed that no changes have been made to the trusted virtualization platform, the trusted virtualization platform can obtain keys from the network location associated with the customer to decrypt the encrypted portion of the files for launching the customer application, such as the customer's virtual machine.
  • FIG. 1 illustrates elements of a computer system in which one or more embodiments of the present invention may be practiced.
  • FIG. 2 illustrates a trusted virtualization platform (TVP) for a virtual machine according to one or more embodiments of the present invention.
  • TVP trusted virtualization platform
  • FIG. 3 is a conceptual diagram that illustrates how static properties of the TVP are measured.
  • FIG. 4 is a flow diagram that illustrates the method of powering on a virtual machine according to one or more embodiments of the present invention.
  • FIG. 5 is a flow diagram that illustrates the method of handling management operations to be performed on a virtual machine running on a TVP, according to one or more embodiments of the present invention.
  • FIG. 1 illustrates elements of a computer system 100 in which one or more embodiments of the present invention may be practiced.
  • Computer system 100 includes one or more cloud computing centers (cloud X 130 and cloud Y 170 ), computing devices of users or customers of the cloud computing centers (user computers 110 ), and a server computer of a trusted third party (trusted third party server 112 ) to whom users may have delegated certain responsibilities relating to the computing services provided by the cloud computing centers.
  • cloud X 130 and cloud Y 170 computing devices of users or customers of the cloud computing centers
  • trusted third party server 112 trusted third party to whom users may have delegated certain responsibilities relating to the computing services provided by the cloud computing centers.
  • Network 120 which may be the Internet.
  • the cloud computing centers provide shared hardware resources, software, and information on demand to their customers over a computer network, such as the Internet.
  • cloud X 130 is providing this service to user A over network 120 in accordance with certain security polices set by user A.
  • the security policies may be enforced directly by user A or by a trusted third party of user A, e.g., by way of trusted third party server 112 .
  • Trusted third party server 112 maintains keys for various users, including the keys of user A, that are used in enforcing the security policies.
  • Trusted third party server 112 also maintains an inventory of trusted platform modules (TPMs) that are installed in different cloud computing centers in the form of certificates associated with the TPMs, each certificate containing the public portion of endorsement key pair (EK) of a corresponding TPM, and an audit trail for each of the users that it is serving.
  • TPMs trusted platform modules
  • EK endorsement key pair
  • Cloud X 130 implements virtual machines (not shown) to serve its customers and includes a cloud manager 137 , a virtual machine management server 140 , a plurality of physical computers (e.g., physical computers 150 , 152 , 154 ), and a shared data store 160 .
  • Cloud manager 137 is a computing device that is configured to manage the cloud computing resources provided to the users and includes an interface to network 120 . Depending on user requests or prompted by an administrator, cloud manager 137 may issue certain operations to be carried out by virtual machine management server 140 , such as virtual machine power on and off.
  • Virtual machine management server 140 is a computing device that is configured to perform virtual machine management operations such as virtual machine power on and off, migrating virtual machines between physical computers, migrating persistent state of virtual machines between data stores, creating/reverting/destroying virtual machine snapshots, adding/removing devices from virtual machines, allocating processing and memory resources to virtual machines, and others. These virtual machine management operations may be initiated by cloud manager 137 , a load balancing or scheduling module, or by an administrator.
  • the physical computers each include virtualization software 158 and hardware 159 , and are coupled to a shared persistent storage system that includes one or more shared data stores 160 .
  • Virtualization software 158 is installed on top of hardware 159 and supports multiple virtual machine execution spaces within each of which a virtual machine process may be executed to instantiate corresponding virtual machines.
  • virtualization software 158 manages a corresponding virtual hardware platform that includes emulated hardware devices such as a virtual processor, guest physical memory, virtual network interface card, virtual disk, and others.
  • Hardware 159 includes a TPM 161 and standard components of a computer system, such as a processor (not shown), memory (not shown), a network interface card (NIC) 162 connected to data network 131 , and a disk interface 163 connected to storage network 132 .
  • Persistent storage for each of the physical computers 150 , 152 , 154 is provided by shared data store 160 .
  • hardware of physical computer 150 and physical computer 152 includes a TPM, but hardware of physical computer 154 does not.
  • the TPM enables a trusted virtualization platform (TVP) to be implemented in the physical computers.
  • the TVP for physical computer 150 is shown in further detail in FIG. 2 .
  • TVP 201 of physical computer 150 includes a pre-execution environment (PXE) boot image 202 , virtual machine kernel 203 , and applications 204 (e.g., different applications for supporting the execution of VM 210 ).
  • PXE pre-execution environment
  • TVP 201 is specially configured to lock out the root (admin) user from making any changes thereto. For example, SSH access is disabled.
  • PXE pre-execution environment
  • TVP 201 provides protection for storage and network communications. Storage protection is provided by encrypting a virtual machine's virtual disk.
  • the virtual disk for VM 210 is represented as vmdk 214
  • the virtual disk for VM 220 is represented as vmdk 234 .
  • Each virtual disk comprises one or more data files (e.g., files with a .vmdk extension) that each contain a disk image (or portion thereof) for each VM's virtual disk.
  • the virtual disk image files stored in data store 160 in encrypted form and accessed through respective one of host bus adapters (HBAs) 163 , 263 over network 132 .
  • HBAs host bus adapters
  • An encryption key will need to be obtained from the customer or the customer's trusted third party before the virtual machines can operate (perform input/output operations) on the data stored in the virtual disks. It should be recognized that the decrypted data are stored in memory and made available to the virtual machines but will remain inaccessible by the administrator.
  • keys 212 provided to TVP 201 by the customer or the customer's trusted third party are stored in memory 211 and will be inaccessible by the administrator.
  • the integrity of the data stored in the virtual disks is also monitored using a keyed hash, also known as MAC (Message Authentication Code).
  • Protection for network communications between VMs that are owned by the same customer is provided by requiring all such communications to be encrypted.
  • the encryption key is obtained from the customer or the customer's trusted third party.
  • a virtual machine that runs on a TVP e.g., VM 220 running on TVP 221 , will be able to engage in communication with VM 210 by obtaining the encryption key from the customer or the customer's trusted third party and exchanging encrypted messages with VM 210 through NIC 262 over network 131 .
  • network communication between VM 210 or VM 220 and a virtual machine that is not running on a TVP e.g., a virtual machine running in physical computer 154 , or a virtual machine of a different customer, will not undergo such encryption.
  • the encryption key used to secure the communication between VMs that are owned by the same customer is the same for all applications or operations of that customer. In another embodiment, the encryption key used to secure the communication between VMs that are owned by the same customer is different for different applications or operations of that customer.
  • TVP 201 may need to disable/restrict or modify security services which run as appliances.
  • keys provided to TVP 201 may be configured with a lease period.
  • the lease period is defined in the customer's policy and keys configured with a lease period is automatically purged from memory when the lease period expires.
  • FIG. 3 is a conceptual diagram that illustrates how the TPM is used to measure the static properties of the TVP.
  • the static property measurements of the TVP ensure that the TVP has not been modified from the “trusted” version in any way.
  • the static property measurements are stored in one of the PCRs (Platform Configuration Registers) of the TPM, e.g., PCR 316 - 1 .
  • TPM 161 is shown to have N PCRs. Each time a software layer is added to the TVP, a checksum is computed for that software layer and “extended” into a PCR.
  • the “extend” operation concatenates the computed checksum with a hash value that has been previously computed and stored in the PCR, and generates a new hash of the concatenated value.
  • the newly generated hash value is stored back in the same PCR.
  • event log 317 is “extended” into the PCR.
  • the entries of event log 317 which is maintained in memory, identify software layers, their version numbers, and corresponding PCR, in the order they were added to the TVP.
  • the last entry of event log 317 is for the event log and identifies the PCR corresponding to the event log.
  • a modification of the TVP from its “trusted” version would be detected when any of the values stored in the PCR do not match an expected value.
  • the newly generated hash values may be stored in different PCRs and event log 3171 indicates the correspondence between the static property measurements and the PCRs.
  • FIG. 4 is a flow diagram that illustrates the method of powering on a virtual machine according to one or more embodiments of the present invention.
  • the user sends a request to power on his or her virtual machine to the cloud manager, who passes on the request to the virtual machine management server. If it is determined at step 412 that the virtual machine is to be run on a TVP, the method proceeds to step 416 . On the other hand, if a TVP is not required, the virtual machine is powered on normally at step 414 .
  • the TVP retrieves a VM configuration file corresponding to the requested virtual machine from storage.
  • the VM configuration file provides encrypted configuration information and includes a plain text portion including the customer ID and the domain name of the customer (or “user”) or the customer's trusted third party (hereinafter referred to as “key provider”).
  • the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority.
  • the TVP requests the key provider for one or more keys needed for powering up the virtual machine.
  • the keys will allow the TVP to decrypt the remainder of the VM configuration file and associated data files, e.g., the virtual disk of the virtual machine. As part of this request, it also sends the customer ID.
  • the key provider activates the AIK (Attestation Identification Key) to be used for attestation. If there is no AIK, the key provider requests one from the TVP, in response to which the TPM of the TVP generates the public and private portions of the AIK. The TVP then binds the public portion of the AIK to the public portion of the EK and sends the bound keys to the key provider.
  • the key provider retrieves the public portion of the AIK, and also checks its inventory to verify that the public portion of the EK that was bound to the public portion of the AIK is part of the inventory of the customer's cloud provider.
  • the key provider After activation of the AIK, at step 424 , the key provider requests the TVP for a quote of the PCRs of the TPM.
  • the key provider also generates a random nonce and transmits the random nonce with the request at step 424 .
  • the TVP receives the request for the quote of the PCRs and the random nonce, and at step 426 the TPM generates the quote of the PCRs and encrypts the quote of the PCRs along with the random nonce using the private portion of the AIK.
  • the quote of the PCRs and the random nonce are transmitted to the key provider at step 428 . It should be recognized that the exchange of the random nonce protects against replay attacks.
  • the key provider carries out the step of verifying the quote of the PCRs. This step includes decrypting the data received from the TVP using the public portion of the AIK, comparing the PCR values included in the quote of the PCRs against expected PCR values, and comparing the decrypted random nonce with the random nonce that was sent at step 424 . If it is determined at step 432 that all of these checks have passed, the key provider transmits the keys at step 434 , and the TVP uses the keys to read the VM configuration file and power on the virtual machine at step 436 . On the other hand, if any of the checks failed, the key provider transmits an error message at step 438 and the virtual machine power on attempted by the TVP is unsuccessful (step 440 ).
  • FIG. 5 is a flow diagram that illustrates the method of handling management operations to be performed on a virtual machine running on a TVP, according to one or more embodiments of the present invention.
  • the management operations include virtual machine power off, migrating virtual machines between physical computers, creating/reverting/destroying virtual machine snapshots, adding/removing devices from virtual machines, and allocating processing and memory resources to virtual machines.
  • the cloud manager, the virtual machine management server, or the administrator initiates a management operation on a virtual machine. Certain management operations do not compromise the security of a virtual machine and so those are handled in the normal way at step 514 . If it is determined at step 512 that the management operation initiated at step 510 has security implications and is therefore a restricted operation, then the TVP requests the key provider for permission to carry out the management operation at step 516 . The key provider receives this request at step 518 and determines at step 520 whether or not the requested management operation is permitted by the customer's policy. If it is permitted, keys for performing the requested management operation are sent to the TVP at step 522 , and the TVP performs the management operation on the virtual machine at step 528 . If it is not permitted, a message indicating denial of the request is sent to the TVP at step 522 .
  • Step 530 is implemented in the TVP so that the key provider can audit the trail of management operations performed on the virtual machine.
  • the management operation that was performed on the virtual machine is reported to the key provider at step 530 .
  • the types of management operations executed in step 514 or step 524 that are reported are defined in the customer's security policy.
  • the key provider stores the reported operation and monitors it at step 534 for any operations that might compromise the security of the virtual machine. If a possible security breach is detected at step 536 , a request to power off the virtual machine or to perform some other remediation action as may be preconfigured by the customer or according to customer's policy is sent at step 538 .
  • Examples may include an alert being sent to the customer, or migrating the VM to the customer's private cloud, i.e., the customer's own data center.
  • the virtual machine is powered off or some other remedial action is taken as may be preconfigured by the customer or according to customer's policy If a possible security breach is not detected at step 536 , the flow returns to step 534 , and the audit trail is continued to be monitored.
  • a load balancing module running inside virtual machine management server 140 is recommending a migration of a virtual machine running in physical computer 150 to a target physical computer
  • the method described in FIG. 5 would be carried out to obtain keys for this management operation.
  • the target physical computer is physical computer 154
  • the request will be denied because physical computer 154 is not running a TVP.
  • the target physical computer is physical computer 152
  • the request will be granted after verifying the quote of the PCRs of the TPM in physical computer 152 and after confirming that TPM in physical computer 152 is found in the inventory of TPMs inside cloud X 130 .
  • the keys that are transmitted to the TVP includes a key for securely transmitting memory state of the running virtual machine over the network from physical computer 150 to physical computer 152 , a key for decrypting the VM configuration file, and a key for decrypting the VM's virtual disk.
  • the TVP in physical computer 152 contacts the key provider for keys to power on the virtual machine in physical computer 152 according to the method described in conjunction with FIG. 4 .
  • the audit trail message is sent after a restricted management operation is carried out.
  • the audit trail message is sent after it has been determined that the management operation is a restricted operation in step 512 and before such management operation is actually carried out, e.g., between steps 512 and 516 .
  • a new shell mode may be included in the TVP.
  • This new shell mode provides shell access to the physical computer and hypervisor running thereon, but only after the TVP scrubs all memory and storage that can potentially leak customer data.
  • the TVP causes the TPM to extend a hash of the shell's binary code to be into the PCR where the hash of the TVP has been recorded so that the quote of the PCRs will reflect the fact that a support shell has been launched on the physical computer. From this point on, the virtual machine cannot be restarted on this physical machine without going through the reboot process. If more than one virtual machine is running on the TVP, the support shell will not be allowed if the policy of any one virtual machine does not allow it.
  • the trusted software stack is not a trusted virtualization platform, but a trusted platform on which a normal user application can be executed.
  • the trusted software stack would include an operating system kernel in place of the virtual machine kernel, and the files stored in data store 160 that are encrypted would include configuration files for the application and files created and modified by the application.
  • the embodiment of the present invention shown in FIG. 1 includes a TPM as a module for performing remote attestation, but it should be recognized that other embodiments of the present invention may provide the remote attestation functionality using different modules.
  • the key provider before sending a key for performing restricted management operations to any server, encrypts the key using a public key of the target server.
  • the encrypted key can be decrypted only with a private key associated with the public key, i.e., the private key of the target server, so that if any other servers intercepted the encrypted key, it cannot be decrypted. Further, the encrypted key cannot be decrypted even by the target server using its private key, if the trusted platform on the target server has changed such that the current static properties of the trusted platform does not match the previously measured and recorded static properties of the trusted platform.
  • one or more keys for performing restricted management operations on the VM are encrypted upon receipt by the server from the key provider, and the encrypted keys are transmitted back to the key provider. If the server needs one of the keys to perform a restricted management operation at a later time, the key provider, after performing the remote attestation on the server and confirming that the trusted platform on the server has not changed, transmits the encrypted key to the server. It should be recognized that the encryption of the keys for performing restricted management operations in this manner provides another layer of security for the keys.
  • the various embodiments described herein may employ various computer-implemented operations involving data stored in computer systems. For example, these operations may require physical manipulation of physical quantities which usually, though not necessarily, take the form of electrical or magnetic signals where they, or representations of them, are capable of being stored, transferred, combined, compared, or otherwise manipulated. Further, such manipulations are often referred to in terms, such as producing, identifying, determining, or comparing. Any operations described herein that form part of one or more embodiments of the invention may be useful machine operations.
  • one or more embodiments of the invention also relate to a device or an apparatus for performing these operations.
  • the apparatus may be specially constructed for specific required purposes, or it may be a general purpose computer selectively activated or configured by a computer program stored in the computer.
  • various general purpose machines may be used with computer programs written in accordance with the description provided herein, or it may be more convenient to construct a more specialized apparatus to perform the required operations.
  • One or more embodiments of the present invention may be implemented as one or more computer programs or as one or more computer program modules embodied in one or more computer readable media.
  • the term computer readable medium refers to any data storage device that can store data which can thereafter be input to a computer system; computer readable media may be based on any existing or subsequently developed technology for embodying computer programs in a manner that enables them to be read by a computer.
  • Examples of a computer readable medium include a hard drive, network attached storage (NAS), read-only memory, random-access memory (e.g., a flash memory device), a CD-ROM (Compact Disc-ROM), a CD-R, or a CD-RW, a DVD (Digital Versatile Disc), a magnetic tape, and other optical and non-optical data storage devices.
  • NAS network attached storage
  • read-only memory e.g., a flash memory device
  • CD-ROM Compact Disc-ROM
  • CD-R Compact Disc-ROM
  • CD-RW Compact Disc-RW
  • DVD Digital Versatile Disc
  • magnetic tape e.g., DVD (Digital Versatile Disc), a magnetic tape, and other optical and non-optical data storage devices.
  • the computer readable medium can also be distributed over a network coupled computer system so that the computer readable code is stored and executed in a distributed fashion.

Abstract

A trusted virtualization platform protects sensitive customer data during operation of virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.

Description

  • CROSS-REFERENCE TO RELATED APPLICATION(S)
  • This application claims the benefit of U.S. Provisional Patent Application No. 61/350,809, filed Jun. 2, 2010 and entitled “Securing Customer Virtual Machines in a Multi-Tenant Cloud,” the entire contents of which are incorporated by reference herein.
    • BACKGROUND
  • Motivated by economies of scale from hosting workloads from thousands of customers and the resulting benefits from overcommitment and statistical multiplexing of load, service providers are setting up large virtualized cloud computing centers. However, many enterprise customers are unwilling to send their critical workloads into the cloud due to security concerns.
  • In current configuration of cloud computing centers, customers do not have control over where their workload is executed. As a result, when a customer's virtual machine is powered-up on a host within the cloud computing center, information in the virtual machine could be compromised in several ways. For example, the host could keep a snapshot of the virtual machine, do memory inspection, and gain knowledge of the customer's potentially sensitive data. In addition, the cloud administrator has virtually limitless access over the data and state of all virtual machines running for all customers. This includes reading virtual disks directly, and sniffing private virtual network traffic of a customer between two of his or her virtual machines.
    • SUMMARY
  • One or more embodiments of the present invention provide a trusted virtualization platform as a way of securing customer virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.
  • A method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, according to an embodiment of the present invention, includes the steps of configuring a server computer with a trusted platform module, installing a trusted software stack on the server computer, measuring a static property of the software stack and storing the measurement, transmitting the measurement to an external entity and, in response thereto, receiving from the external entity a key for running a virtual machine on top of the trusted software stack, and running the virtual machine on top of the trusted software stack using the key.
  • A method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, according to another embodiment of the present invention, includes the steps of receiving a request for a key to run a virtual machine on a server computer configured with a trusted platform module, the key request including a customer ID associated with the virtual machine, requesting the server computer for static property measurements of a software stack on top which the virtual machine will be run and, in response thereto, receiving the static property measurements, and confirming from the static property measurements that the software stack is a trusted software stack and, after said confirming, transmitting to the server computer the key to run the virtual machine on the server computer. In another embodiment, the method further comprises the steps of receiving a public key of the trusted platform module from the server computer, and searching for the public key in an inventory associated with the multi-tenant data center, wherein the key to run the virtual machine on the server computer is transmitted to the server computer after it is confirmed that the public key has been found in the inventory associated with the multi-tenant data center.
  • A multi-tenant data center that provides security to customer data, according to an embodiment of the present invention, includes a plurality of server computers, each of which is configured with a trusted platform module and a trusted virtualization platform having one or more software layers on top of which a customer application is to be executed, and a persistent storage system coupled to the server computers, in which files for launching the customer application, such as the customer's virtual machine, are stored, the files including an encrypted portion and a plain text portion that identifies the customer and a network location associated with the customer. In one embodiment, the trusted virtualization platform is programmed to perform an audit and report any changes to the trusted virtualization platform to the network location associated with the customer. Once it has been confirmed that no changes have been made to the trusted virtualization platform, the trusted virtualization platform can obtain keys from the network location associated with the customer to decrypt the encrypted portion of the files for launching the customer application, such as the customer's virtual machine.
  • Further embodiments of the present invention include, without limitation, a non-transitory computer-readable storage medium that includes instructions that enable a processing unit to implement one or more aspects of the above methods.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates elements of a computer system in which one or more embodiments of the present invention may be practiced.
  • FIG. 2 illustrates a trusted virtualization platform (TVP) for a virtual machine according to one or more embodiments of the present invention.
  • FIG. 3 is a conceptual diagram that illustrates how static properties of the TVP are measured.
  • FIG. 4 is a flow diagram that illustrates the method of powering on a virtual machine according to one or more embodiments of the present invention.
  • FIG. 5 is a flow diagram that illustrates the method of handling management operations to be performed on a virtual machine running on a TVP, according to one or more embodiments of the present invention.
    •  DETAILED DESCRIPTION
  • FIG. 1 illustrates elements of a computer system 100 in which one or more embodiments of the present invention may be practiced. Computer system 100 includes one or more cloud computing centers (cloud X 130 and cloud Y 170), computing devices of users or customers of the cloud computing centers (user computers 110), and a server computer of a trusted third party (trusted third party server 112) to whom users may have delegated certain responsibilities relating to the computing services provided by the cloud computing centers.
  • Communication between the computing entities illustrated in FIG. 1 is carried out over a network 120, which may be the Internet.
  • The cloud computing centers provide shared hardware resources, software, and information on demand to their customers over a computer network, such as the Internet. In the example illustrated in FIG. 1, cloud X 130 is providing this service to user A over network 120 in accordance with certain security polices set by user A. The security policies may be enforced directly by user A or by a trusted third party of user A, e.g., by way of trusted third party server 112. Trusted third party server 112 maintains keys for various users, including the keys of user A, that are used in enforcing the security policies. Trusted third party server 112 also maintains an inventory of trusted platform modules (TPMs) that are installed in different cloud computing centers in the form of certificates associated with the TPMs, each certificate containing the public portion of endorsement key pair (EK) of a corresponding TPM, and an audit trail for each of the users that it is serving. The inventory and the audit trails are used to perform security checks that will be further described below.
  • Cloud X 130 implements virtual machines (not shown) to serve its customers and includes a cloud manager 137, a virtual machine management server 140, a plurality of physical computers (e.g., physical computers 150, 152, 154), and a shared data store 160. Cloud manager 137 is a computing device that is configured to manage the cloud computing resources provided to the users and includes an interface to network 120. Depending on user requests or prompted by an administrator, cloud manager 137 may issue certain operations to be carried out by virtual machine management server 140, such as virtual machine power on and off. Virtual machine management server 140 is a computing device that is configured to perform virtual machine management operations such as virtual machine power on and off, migrating virtual machines between physical computers, migrating persistent state of virtual machines between data stores, creating/reverting/destroying virtual machine snapshots, adding/removing devices from virtual machines, allocating processing and memory resources to virtual machines, and others. These virtual machine management operations may be initiated by cloud manager 137, a load balancing or scheduling module, or by an administrator.
  • The physical computers each include virtualization software 158 and hardware 159, and are coupled to a shared persistent storage system that includes one or more shared data stores 160. Virtualization software 158 is installed on top of hardware 159 and supports multiple virtual machine execution spaces within each of which a virtual machine process may be executed to instantiate corresponding virtual machines. For each of the instantiated virtual machines, virtualization software 158 manages a corresponding virtual hardware platform that includes emulated hardware devices such as a virtual processor, guest physical memory, virtual network interface card, virtual disk, and others.
  • Hardware 159 includes a TPM 161 and standard components of a computer system, such as a processor (not shown), memory (not shown), a network interface card (NIC) 162 connected to data network 131, and a disk interface 163 connected to storage network 132. Persistent storage for each of the physical computers 150, 152, 154 is provided by shared data store 160.
  • For purposes of illustration, in the example shown in FIG. 1, hardware of physical computer 150 and physical computer 152 includes a TPM, but hardware of physical computer 154 does not. The TPM enables a trusted virtualization platform (TVP) to be implemented in the physical computers. The TVP for physical computer 150 is shown in further detail in FIG. 2.
  • Referring to FIG. 2, TVP 201 of physical computer 150 includes a pre-execution environment (PXE) boot image 202, virtual machine kernel 203, and applications 204 (e.g., different applications for supporting the execution of VM 210). TVP 201 is specially configured to lock out the root (admin) user from making any changes thereto. For example, SSH access is disabled. In addition:
  • (1) In-place executable upgrades are not allowed.
  • (2) No root program can be installed to inspect guest physical memory of the virtual machine.
  • (3) API calls that allow administrator to load modules or manipulate virtual machine definition files are not provided.
  • (4) All administrator operations performed on the virtual machine will trigger a report to a trusted third party of the user so that they can be monitored.
  • In addition to the above properties, TVP 201 provides protection for storage and network communications. Storage protection is provided by encrypting a virtual machine's virtual disk. In FIG. 2, the virtual disk for VM 210 is represented as vmdk 214, and the virtual disk for VM 220 is represented as vmdk 234. Each virtual disk comprises one or more data files (e.g., files with a .vmdk extension) that each contain a disk image (or portion thereof) for each VM's virtual disk. The virtual disk image files stored in data store 160 in encrypted form and accessed through respective one of host bus adapters (HBAs) 163, 263 over network 132. An encryption key will need to be obtained from the customer or the customer's trusted third party before the virtual machines can operate (perform input/output operations) on the data stored in the virtual disks. It should be recognized that the decrypted data are stored in memory and made available to the virtual machines but will remain inaccessible by the administrator. In addition, keys 212 provided to TVP 201 by the customer or the customer's trusted third party are stored in memory 211 and will be inaccessible by the administrator. The integrity of the data stored in the virtual disks is also monitored using a keyed hash, also known as MAC (Message Authentication Code).
  • Protection for network communications between VMs that are owned by the same customer is provided by requiring all such communications to be encrypted. The encryption key is obtained from the customer or the customer's trusted third party. A virtual machine that runs on a TVP, e.g., VM 220 running on TVP 221, will be able to engage in communication with VM 210 by obtaining the encryption key from the customer or the customer's trusted third party and exchanging encrypted messages with VM 210 through NIC 262 over network 131. On the other hand, network communication between VM 210 or VM 220 and a virtual machine that is not running on a TVP, e.g., a virtual machine running in physical computer 154, or a virtual machine of a different customer, will not undergo such encryption. In one embodiment, the encryption key used to secure the communication between VMs that are owned by the same customer is the same for all applications or operations of that customer. In another embodiment, the encryption key used to secure the communication between VMs that are owned by the same customer is different for different applications or operations of that customer.
  • In further embodiments, depending on the security requirements, TVP 201 may need to disable/restrict or modify security services which run as appliances. In addition, keys provided to TVP 201 may be configured with a lease period. In one embodiment, the lease period is defined in the customer's policy and keys configured with a lease period is automatically purged from memory when the lease period expires.
  • FIG. 3 is a conceptual diagram that illustrates how the TPM is used to measure the static properties of the TVP. The static property measurements of the TVP ensure that the TVP has not been modified from the “trusted” version in any way. The static property measurements are stored in one of the PCRs (Platform Configuration Registers) of the TPM, e.g., PCR 316-1. In FIG. 3, TPM 161 is shown to have N PCRs. Each time a software layer is added to the TVP, a checksum is computed for that software layer and “extended” into a PCR. The “extend” operation concatenates the computed checksum with a hash value that has been previously computed and stored in the PCR, and generates a new hash of the concatenated value. The newly generated hash value is stored back in the same PCR. As a final step, which is an optional step, event log 317 is “extended” into the PCR. The entries of event log 317, which is maintained in memory, identify software layers, their version numbers, and corresponding PCR, in the order they were added to the TVP. The last entry of event log 317 is for the event log and identifies the PCR corresponding to the event log. A modification of the TVP from its “trusted” version would be detected when any of the values stored in the PCR do not match an expected value. In alternative embodiments, the newly generated hash values may be stored in different PCRs and event log 3171 indicates the correspondence between the static property measurements and the PCRs.
  • FIG. 4 is a flow diagram that illustrates the method of powering on a virtual machine according to one or more embodiments of the present invention. At step 410, the user sends a request to power on his or her virtual machine to the cloud manager, who passes on the request to the virtual machine management server. If it is determined at step 412 that the virtual machine is to be run on a TVP, the method proceeds to step 416. On the other hand, if a TVP is not required, the virtual machine is powered on normally at step 414.
  • At step 416, the TVP retrieves a VM configuration file corresponding to the requested virtual machine from storage. The VM configuration file provides encrypted configuration information and includes a plain text portion including the customer ID and the domain name of the customer (or “user”) or the customer's trusted third party (hereinafter referred to as “key provider”). At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority. At step 420, the TVP requests the key provider for one or more keys needed for powering up the virtual machine. The keys will allow the TVP to decrypt the remainder of the VM configuration file and associated data files, e.g., the virtual disk of the virtual machine. As part of this request, it also sends the customer ID. Upon receiving the request at step 422, the key provider activates the AIK (Attestation Identification Key) to be used for attestation. If there is no AIK, the key provider requests one from the TVP, in response to which the TPM of the TVP generates the public and private portions of the AIK. The TVP then binds the public portion of the AIK to the public portion of the EK and sends the bound keys to the key provider. As part of the AIK activation step, the key provider retrieves the public portion of the AIK, and also checks its inventory to verify that the public portion of the EK that was bound to the public portion of the AIK is part of the inventory of the customer's cloud provider.
  • After activation of the AIK, at step 424, the key provider requests the TVP for a quote of the PCRs of the TPM. The key provider also generates a random nonce and transmits the random nonce with the request at step 424. The TVP receives the request for the quote of the PCRs and the random nonce, and at step 426 the TPM generates the quote of the PCRs and encrypts the quote of the PCRs along with the random nonce using the private portion of the AIK. The quote of the PCRs and the random nonce are transmitted to the key provider at step 428. It should be recognized that the exchange of the random nonce protects against replay attacks.
  • At step 430, the key provider carries out the step of verifying the quote of the PCRs. This step includes decrypting the data received from the TVP using the public portion of the AIK, comparing the PCR values included in the quote of the PCRs against expected PCR values, and comparing the decrypted random nonce with the random nonce that was sent at step 424. If it is determined at step 432 that all of these checks have passed, the key provider transmits the keys at step 434, and the TVP uses the keys to read the VM configuration file and power on the virtual machine at step 436. On the other hand, if any of the checks failed, the key provider transmits an error message at step 438 and the virtual machine power on attempted by the TVP is unsuccessful (step 440).
  • Even after the virtual machine has been powered on, the TVP only permits certain management operations to be performed on the virtual machine. FIG. 5 is a flow diagram that illustrates the method of handling management operations to be performed on a virtual machine running on a TVP, according to one or more embodiments of the present invention. The management operations include virtual machine power off, migrating virtual machines between physical computers, creating/reverting/destroying virtual machine snapshots, adding/removing devices from virtual machines, and allocating processing and memory resources to virtual machines.
  • At step 510, the cloud manager, the virtual machine management server, or the administrator initiates a management operation on a virtual machine. Certain management operations do not compromise the security of a virtual machine and so those are handled in the normal way at step 514. If it is determined at step 512 that the management operation initiated at step 510 has security implications and is therefore a restricted operation, then the TVP requests the key provider for permission to carry out the management operation at step 516. The key provider receives this request at step 518 and determines at step 520 whether or not the requested management operation is permitted by the customer's policy. If it is permitted, keys for performing the requested management operation are sent to the TVP at step 522, and the TVP performs the management operation on the virtual machine at step 528. If it is not permitted, a message indicating denial of the request is sent to the TVP at step 522.
  • Step 530 is implemented in the TVP so that the key provider can audit the trail of management operations performed on the virtual machine. In one embodiment, after step 514 and step 524 are carried out, the management operation that was performed on the virtual machine is reported to the key provider at step 530. In another embodiment, the types of management operations executed in step 514 or step 524 that are reported are defined in the customer's security policy. At step 532, the key provider stores the reported operation and monitors it at step 534 for any operations that might compromise the security of the virtual machine. If a possible security breach is detected at step 536, a request to power off the virtual machine or to perform some other remediation action as may be preconfigured by the customer or according to customer's policy is sent at step 538. Examples may include an alert being sent to the customer, or migrating the VM to the customer's private cloud, i.e., the customer's own data center. At step 540, the virtual machine is powered off or some other remedial action is taken as may be preconfigured by the customer or according to customer's policy If a possible security breach is not detected at step 536, the flow returns to step 534, and the audit trail is continued to be monitored.
  • As one example, if a load balancing module running inside virtual machine management server 140 is recommending a migration of a virtual machine running in physical computer 150 to a target physical computer, the method described in FIG. 5 would be carried out to obtain keys for this management operation. If the target physical computer is physical computer 154, the request will be denied because physical computer 154 is not running a TVP. On the other hand, if the target physical computer is physical computer 152, the request will be granted after verifying the quote of the PCRs of the TPM in physical computer 152 and after confirming that TPM in physical computer 152 is found in the inventory of TPMs inside cloud X 130. The keys that are transmitted to the TVP includes a key for securely transmitting memory state of the running virtual machine over the network from physical computer 150 to physical computer 152, a key for decrypting the VM configuration file, and a key for decrypting the VM's virtual disk. In an alternative embodiment, after the memory state of the running virtual machine has been migrated, the TVP in physical computer 152 contacts the key provider for keys to power on the virtual machine in physical computer 152 according to the method described in conjunction with FIG. 4.
  • In the example method of handling management operations to be performed on a virtual machine running on a TVP, illustrated in FIG. 5, the audit trail message is sent after a restricted management operation is carried out. In other embodiments of the present invention, the audit trail message is sent after it has been determined that the management operation is a restricted operation in step 512 and before such management operation is actually carried out, e.g., between steps 512 and 516.
  • In order to allow administrators or support engineers to debug certain class of issues, a new shell mode may be included in the TVP. This new shell mode provides shell access to the physical computer and hypervisor running thereon, but only after the TVP scrubs all memory and storage that can potentially leak customer data. After the scrubbing, the TVP causes the TPM to extend a hash of the shell's binary code to be into the PCR where the hash of the TVP has been recorded so that the quote of the PCRs will reflect the fact that a support shell has been launched on the physical computer. From this point on, the virtual machine cannot be restarted on this physical machine without going through the reboot process. If more than one virtual machine is running on the TVP, the support shell will not be allowed if the policy of any one virtual machine does not allow it.
  • In another embodiment of the present invention, the trusted software stack is not a trusted virtualization platform, but a trusted platform on which a normal user application can be executed. In such embodiments, the trusted software stack would include an operating system kernel in place of the virtual machine kernel, and the files stored in data store 160 that are encrypted would include configuration files for the application and files created and modified by the application.
  • The embodiment of the present invention shown in FIG. 1 includes a TPM as a module for performing remote attestation, but it should be recognized that other embodiments of the present invention may provide the remote attestation functionality using different modules. Furthermore, in an alternative embodiment, the key provider, before sending a key for performing restricted management operations to any server, encrypts the key using a public key of the target server. The encrypted key can be decrypted only with a private key associated with the public key, i.e., the private key of the target server, so that if any other servers intercepted the encrypted key, it cannot be decrypted. Further, the encrypted key cannot be decrypted even by the target server using its private key, if the trusted platform on the target server has changed such that the current static properties of the trusted platform does not match the previously measured and recorded static properties of the trusted platform.
  • In a further embodiment of the present invention, which is an extension of the embodiments of the present invention employing a TPM as a module for performing remote attestation, one or more keys for performing restricted management operations on the VM are encrypted upon receipt by the server from the key provider, and the encrypted keys are transmitted back to the key provider. If the server needs one of the keys to perform a restricted management operation at a later time, the key provider, after performing the remote attestation on the server and confirming that the trusted platform on the server has not changed, transmits the encrypted key to the server. It should be recognized that the encryption of the keys for performing restricted management operations in this manner provides another layer of security for the keys.
  • The various embodiments described herein may employ various computer-implemented operations involving data stored in computer systems. For example, these operations may require physical manipulation of physical quantities which usually, though not necessarily, take the form of electrical or magnetic signals where they, or representations of them, are capable of being stored, transferred, combined, compared, or otherwise manipulated. Further, such manipulations are often referred to in terms, such as producing, identifying, determining, or comparing. Any operations described herein that form part of one or more embodiments of the invention may be useful machine operations. In addition, one or more embodiments of the invention also relate to a device or an apparatus for performing these operations. The apparatus may be specially constructed for specific required purposes, or it may be a general purpose computer selectively activated or configured by a computer program stored in the computer. In particular, various general purpose machines may be used with computer programs written in accordance with the description provided herein, or it may be more convenient to construct a more specialized apparatus to perform the required operations.
  • The various embodiments described herein may be practiced with other computer system configurations including hand-held devices, microprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.
  • One or more embodiments of the present invention may be implemented as one or more computer programs or as one or more computer program modules embodied in one or more computer readable media. The term computer readable medium refers to any data storage device that can store data which can thereafter be input to a computer system; computer readable media may be based on any existing or subsequently developed technology for embodying computer programs in a manner that enables them to be read by a computer. Examples of a computer readable medium include a hard drive, network attached storage (NAS), read-only memory, random-access memory (e.g., a flash memory device), a CD-ROM (Compact Disc-ROM), a CD-R, or a CD-RW, a DVD (Digital Versatile Disc), a magnetic tape, and other optical and non-optical data storage devices. The computer readable medium can also be distributed over a network coupled computer system so that the computer readable code is stored and executed in a distributed fashion.
  • Although one or more embodiments of the present invention have been described in some detail for clarity of understanding, it will be apparent that certain changes and modifications may be made within the scope of the claims. Accordingly, the described embodiments are to be considered as illustrative and not restrictive, and the scope of the claims is not to be limited to details given herein, but may be modified within the scope and equivalents of the claims. In the claims, elements and/or steps do not imply any particular order of operation, unless explicitly stated in the claims.
  • Plural instances may be provided for components, operations or structures described herein as a single instance. Finally, boundaries between various components, operations and data stores are somewhat arbitrary, and particular operations are illustrated in the context of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within the scope of the invention(s). In general, structures and functionality presented as separate components in exemplary configurations may be implemented as a combined structure or component. Similarly, structures and functionality presented as a single component may be implemented as separate components. These and other variations, modifications, additions, and improvements may fall within the scope of the appended claims(s).

Claims (23)

1. A method of securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, comprising:
configuring a server computer with an attestation module;
installing a software stack on the server computer;
measuring, with the attestation module, a static property of the software stack and storing the measurement;
transmitting the measurement to an external entity and, in response thereto, receiving from the external entity a key for running a virtual machine on top of the software stack; and
running the virtual machine on top of the software stack using the key.
2. The method of claim 1, wherein the external entity is an owner of the virtual machine or a third party to whom the owner has delegated security monitoring responsibilities.
3. The method of claim 1, wherein the software stack does not permit selected management operations to be performed on the virtual machine without permission from the external entity.
4. The method of claim 3, wherein the selected management operations include migration of the virtual machine to another server computer, creation of a snapshot of the virtual machine, and in-place upgrade of the virtual machine.
5. The method of claim 1, further comprising:
storing a virtual disk of the virtual machine in a persistent data store in encrypted form;
and receiving a key for decrypting the virtual disk from the external entity.
6. The method of claim 1, wherein the software stack prevents the virtual machine from communicating with an identified virtual machine running on another sever computer without an encryption key.
7. The method of claim 6, further comprising:
transmitting a request for the encryption key to the external entity, the request including an identification of the virtual machine running on another sever computer.
8. The method of claim 1, wherein the software stack has multiple layers and a static property measurement is carried out incrementally each time a software layer is added.
9. The method of claim 8, wherein the TPM has multiple registers and each incremental static property measurement is recorded in one of the registers of the TPM.
10. A non-transitory machine readable storage medium for securing virtual machines in a multi-tenant data center including a plurality of server computers and persistent data stores, the machine readable storage medium having computer instructions encoded thereon causing a computer configured as a trusted virtualization platform to perform a method, the method comprising:
receiving a request for a key to run a virtual machine on a server computer configured with an attestation module, the key request including a customer ID associated with the virtual machine;
requesting the server computer for static property measurements of a software stack on top which the virtual machine will be run and, in response thereto, receiving the static property measurements; and
confirming from the static property measurements that the software stack is a trusted software stack and, after said confirming, transmitting to the server computer the key to run the virtual machine on the server computer.
11. The machine readable storage medium of 10, wherein the method further comprises:
receiving a public key of the attestation module from the server computer; and
searching for the public key in an inventory associated with the multi-tenant data center,
wherein the key to run the virtual machine on the server computer is transmitted to the server computer after it is confirmed that the public key has been found in the inventory of associated with the multi-tenant data center.
12. The machine readable storage medium of 10, wherein the method further comprises:
receiving a request to perform an operation on the virtual machine running on the server computer; and
examining a policy associated with the virtual machine and transmitting a key for performing the operation on the virtual machine if the policy permits the operation and transmitting a message denying the request if the policy does not permit the operation.
13. The machine readable storage medium of 12, wherein each of the keys has an associated lease period, after the expiration of which the key is no longer valid.
14. The machine readable storage medium of 10, wherein the method further comprises:
receiving and recording a report of operations performed on the virtual machine.
15. The machine readable storage medium of 10, wherein the method further comprises:
after the virtual machine is running on the server computer, transmitting a key for encrypting and decrypting data stored in a virtual disk of the virtual machine.
16. The machine readable storage medium of 10, wherein the method further comprises:
receiving a request to transmit a network packet to another virtual machine running in a different server computer;
confirming that the different server computer is running a trusted software stack and said another virtual machine is running on top of the trusted software stack; and
upon said confirming, transmitting to the server computer a key for encrypting the network packet to be transmitted to said another virtual machine.
17. The machine readable storage medium of 10, wherein the method further comprises:
receiving a public portion of an attestation identification key (AIK) from the server computer,
wherein the static property measurements are encrypted with a private portion of the AIK and decrypted using the public portion of the AIK.
18. The machine readable storage medium of 10, wherein the method further comprises:
transmitting a random nonce to the server computer; and
confirming that the static property measurements were actually transmitted by the server computer when the random nonce is also received from the server computer.
19. A multi-tenant data center comprising:
a plurality of server computers, each of which is configured with a trusted platform module and a trusted virtualization platform having one or more software layers on top of which a customer application is to be executed; and
a persistent storage system coupled to the server computers, in which files for launching the customer application are stored, the files including an encrypted portion and a plain text portion that identifies the customer and a network location associated with the customer,
wherein the trusted virtualization platform is programmed to: (i) report any changes to the trusted virtualization platform to the network location associated with the customer; (ii) obtain keys from the network location associated with the customer to decrypt the encrypted portion of the files for launching the customer application; and (iii) prohibit direct inspection of memory of the virtual machine.
20. The system of claim 19, wherein the keys are stored in the memory of the virtual machine and are inaccessible by an administrator.
21. The system of claim 20, wherein the keys are not stored persistently by the server computer.
22. The system of claim 19, wherein at least one of the keys has a lease period.
23. The system of claim 19, wherein the application is an instance of a virtual machine, and the files include a configuration file for the virtual machine and a virtual disk of the virtual machine.
US13/045,212 2010-06-02 2011-03-10 Securing customer virtual machines in a multi-tenant cloud Active 2032-09-26 US8909928B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/045,212 US8909928B2 (en) 2010-06-02 2011-03-10 Securing customer virtual machines in a multi-tenant cloud

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US35080910P 2010-06-02 2010-06-02
US13/045,212 US8909928B2 (en) 2010-06-02 2011-03-10 Securing customer virtual machines in a multi-tenant cloud

Publications (2)

Publication Number Publication Date
US20110302415A1 true US20110302415A1 (en) 2011-12-08
US8909928B2 US8909928B2 (en) 2014-12-09

Family

ID=43919920

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/045,212 Active 2032-09-26 US8909928B2 (en) 2010-06-02 2011-03-10 Securing customer virtual machines in a multi-tenant cloud

Country Status (5)

Country Link
US (1) US8909928B2 (en)
EP (1) EP2577539B1 (en)
JP (2) JP2013528872A (en)
AU (1) AU2011261831B2 (en)
WO (1) WO2011152910A1 (en)

Cited By (128)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090249073A1 (en) * 2005-06-30 2009-10-01 Wiseman Williard M Apparatus and method for group session key and establishment using a certified migration key
US20120102572A1 (en) * 2010-10-20 2012-04-26 International Business Machines Corporation Node controller for an endpoint in a cloud computing environment
US20120239631A1 (en) * 2010-09-04 2012-09-20 International Business Machines Corporation Disk scrubbing
CN102739689A (en) * 2012-07-16 2012-10-17 四川师范大学 File data transmission device and method used for cloud storage system
US20120266231A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
US20120324236A1 (en) * 2011-06-16 2012-12-20 Microsoft Corporation Trusted Snapshot Generation
CN103051451A (en) * 2011-12-12 2013-04-17 微软公司 Encryption authentication of security service execution environment
US20130167200A1 (en) * 2011-12-22 2013-06-27 Microsoft Corporation Techniques to store secret information for global data centers
US20130173900A1 (en) * 2011-12-28 2013-07-04 Huawei Technologies Co., Ltd. Key transmission method and device of a virtual machine under full disk encryption during pre-boot
US20130198743A1 (en) * 2012-01-26 2013-08-01 Empire Technology Development Llc Data center with continuous world switch security
US20130198797A1 (en) * 2012-01-30 2013-08-01 Yeluri Raghuram Remote trust attestation and geo-location of servers and clients in cloud computing environments
US20130227561A1 (en) * 2012-02-29 2013-08-29 Daniel J. Walsh Mechanism for Applying a Custom Security Type Label to Multi-Tenant Applications of a Node in a Platform-as-a-Service (PaaS) Environment
US20130227635A1 (en) * 2012-02-29 2013-08-29 Daniel J. Walsh Mechanism for Applying Security Category Labels to Multi-Tenant Applications of a Node in a Platform-as-a-Service (PaaS) Environment
US20130227085A1 (en) * 2012-02-24 2013-08-29 Pantech Co., Ltd. Terminal and method for using cloud services
US8528101B1 (en) * 2011-09-20 2013-09-03 Amazon Technologies, Inc. Integrated physical security control system for computing resources
WO2013174437A1 (en) * 2012-05-24 2013-11-28 Telefonaktiebolaget L M Ericsson (Publ) Enhanced secure virtual machine provisioning
US20140007087A1 (en) * 2012-06-29 2014-01-02 Mark Scott-Nash Virtual trusted platform module
US20140075432A1 (en) * 2012-09-07 2014-03-13 Michael P. McGrath Mechanism for Application Partitioning in a Multi-Tenant Platform-as-a-Service (PaaS) Environment in a Cloud Computing System
US20140143293A1 (en) * 2012-11-19 2014-05-22 International Business Machines Corporation Managing Assets
US8800009B1 (en) 2011-12-30 2014-08-05 Google Inc. Virtual machine service access
US8832820B2 (en) 2012-06-25 2014-09-09 International Business Machines Corporation Isolation and security hardening among workloads in a multi-tenant networked environment
US20140258235A1 (en) * 2013-03-05 2014-09-11 VCE Company LLC Method to provide user domain management of snapshots for virtual desktops using centralized portal
US20140281509A1 (en) * 2013-03-15 2014-09-18 Novell, Inc. Techniques for secure data extraction in a virtual or cloud environment
US8850514B2 (en) 2012-05-01 2014-09-30 Red Hat, Inc. Cartridges in a multi-tenant platforms-as-a-service (PaaS) system implemented in a cloud computing environment
JP2014192639A (en) * 2013-03-26 2014-10-06 Fujitsu Fsas Inc Terminal device and determination method
US8874888B1 (en) 2011-01-13 2014-10-28 Google Inc. Managed boot in a cloud system
WO2014185845A1 (en) * 2013-05-13 2014-11-20 Telefonaktiebolaget L M Ericsson (Publ) Procedure for platform enforced secure storage in infrastructure clouds
US8922224B2 (en) 2012-08-07 2014-12-30 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Snoop detection on calibrated bus
US8924720B2 (en) * 2012-09-27 2014-12-30 Intel Corporation Method and system to securely migrate and provision virtual machine images and content
US8938611B1 (en) * 2012-02-02 2015-01-20 Trend Micro, Inc. Enterprise cloud security gateway
US8958293B1 (en) 2011-12-06 2015-02-17 Google Inc. Transparent load-balancing for cloud computing services
US8966198B1 (en) 2011-09-01 2015-02-24 Google Inc. Providing snapshots of virtual storage devices
WO2015047285A1 (en) * 2013-09-27 2015-04-02 Intel Corporation Protection scheme for remotely-stored data
US20150121369A1 (en) * 2013-10-31 2015-04-30 Vmware, Inc. Guarded virtual machines
CN104615551A (en) * 2015-02-09 2015-05-13 联想(北京)有限公司 Information processing method and electronic device
US9043933B2 (en) 2010-06-30 2015-05-26 International Business Machines Corporation Method of processing data to enable external storage thereof with minimized risk of information leakage
US9059973B2 (en) 2013-01-15 2015-06-16 International Business Machines Corporation Securing sensitive information in a network cloud
US9058198B2 (en) 2012-02-29 2015-06-16 Red Hat Inc. System resource sharing in a multi-tenant platform-as-a-service environment in a cloud computing system
US9075979B1 (en) 2011-08-11 2015-07-07 Google Inc. Authentication based on proximity to mobile device
US9087196B2 (en) * 2010-12-24 2015-07-21 Intel Corporation Secure application attestation using dynamic measurement kernels
US9104798B2 (en) 2013-05-03 2015-08-11 International Business Machines Corporation Enabling remote debugging of virtual machines running in a cloud environment
US20150244716A1 (en) * 2014-02-24 2015-08-27 Amazon Technologies, Inc. Securing client-specified credentials at cryptograpically attested resources
US9178698B1 (en) * 2011-12-21 2015-11-03 Google Inc. Dynamic key management
US20150358294A1 (en) * 2014-06-05 2015-12-10 Cavium, Inc. Systems and methods for secured hardware security module communication with web service hosts
WO2015200606A1 (en) * 2014-06-27 2015-12-30 Intel Corporation Reporting platform information using a secure agent
US20150381578A1 (en) * 2014-06-30 2015-12-31 Nicira, Inc. Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks
US9231933B1 (en) 2011-03-16 2016-01-05 Google Inc. Providing application programs with access to secured resources
US9237087B1 (en) 2011-03-16 2016-01-12 Google Inc. Virtual machine name resolution
US9245111B2 (en) 2012-05-01 2016-01-26 Red Hat, Inc. Owner command execution in a multi-tenant cloud hosting environment
JP2016506107A (en) * 2012-11-22 2016-02-25 華為技術有限公司Huawei Technologies Co.,Ltd. Management control method, apparatus and system for virtual machine
US20160078212A1 (en) * 2014-09-17 2016-03-17 International Business Machines Corporation Hypervisor and virtual machine protection
JP2016511610A (en) * 2013-03-15 2016-04-14 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Key management method, apparatus, computer program product, and cloud computing infrastructure in a multi-tenant computing infrastructure (key management in a multi-tenant environment)
US9317325B2 (en) 2012-05-01 2016-04-19 Red Hat, Inc. Application idling in a multi-tenant cloud-based application hosting environment
US9323921B2 (en) 2010-07-13 2016-04-26 Microsoft Technology Licensing, Llc Ultra-low cost sandboxing for application appliances
US20160179624A1 (en) * 2014-12-17 2016-06-23 Airwatch Llc Expedited Device Backup, Wipe, and Enrollment
US20160182458A1 (en) * 2014-12-17 2016-06-23 Cisco Technology, Inc. End-to-end security for virtual private service chains
US9389933B2 (en) 2011-12-12 2016-07-12 Microsoft Technology Licensing, Llc Facilitating system service request interactions for hardware-protected applications
US9405593B2 (en) 2012-09-06 2016-08-02 Red Hat, Inc. Scaling of application resources in a multi-tenant platform-as-a-service environment in a cloud computing system
US9407612B2 (en) * 2014-10-31 2016-08-02 Intel Corporation Technologies for secure inter-virtual network function communication
US9426155B2 (en) 2013-04-18 2016-08-23 International Business Machines Corporation Extending infrastructure security to services in a cloud computing environment
US20160248811A1 (en) * 2013-10-25 2016-08-25 Zte Corporation Method and device for customizing security service
CN105933300A (en) * 2016-04-14 2016-09-07 郭剑锋 Safety management method and device
US20160269446A1 (en) * 2012-03-19 2016-09-15 Amazon Technologies, Inc. Template representation of security resources
US9495183B2 (en) 2011-05-16 2016-11-15 Microsoft Technology Licensing, Llc Instruction set emulation for guest operating systems
US9509718B1 (en) * 2014-07-17 2016-11-29 Sprint Communications Company L.P. Network-attached storage solution for application servers
US9509503B1 (en) * 2010-12-29 2016-11-29 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
US9519787B2 (en) * 2014-11-14 2016-12-13 Microsoft Technology Licensing, Llc Secure creation of encrypted virtual machines from encrypted templates
US9519498B2 (en) 2013-12-24 2016-12-13 Microsoft Technology Licensing, Llc Virtual machine assurances
US9544137B1 (en) 2010-12-29 2017-01-10 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
WO2017005276A1 (en) 2015-07-03 2017-01-12 Telefonaktiebolaget Lm Ericsson (Publ) Virtual machine integrity
US9553850B2 (en) 2014-06-30 2017-01-24 International Business Machines Corporation Multi-tenant secure separation of data in a cloud-based application
US9578017B2 (en) 2014-05-05 2017-02-21 Microsoft Technology Licensing, Llc Secure management of operations on protected virtual machines
US9584317B2 (en) 2014-10-13 2017-02-28 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
US9588803B2 (en) 2009-05-11 2017-03-07 Microsoft Technology Licensing, Llc Executing native-code applications in a browser
WO2017058918A1 (en) * 2015-09-28 2017-04-06 Microsoft Technology Licensing, Llc Multi-tenant environment using pre-readied trust boundary components
US9665411B2 (en) 2012-05-01 2017-05-30 Red Hat, Inc. Communication between a server orchestration system and a messaging system
US9673982B2 (en) 2015-09-16 2017-06-06 Sprint Communications Company L.P. Efficient hardware trust verification in data communication systems that comprise network interface cards, central processing units, and data memory buffers
EP3063690A4 (en) * 2013-11-01 2017-06-07 Intuit Inc. Method and system for validating a virtual asset
US9692858B2 (en) 2012-07-17 2017-06-27 International Business Machines Corporation Security model for a memory of a network information system
US9696940B1 (en) 2013-12-09 2017-07-04 Forcepoint Federal Llc Technique for verifying virtual machine integrity using hypervisor-based memory snapshots
US9710626B2 (en) 2012-07-06 2017-07-18 International Business Machines Corporation Security model for network information service
US9720668B2 (en) 2012-02-29 2017-08-01 Red Hat, Inc. Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system
US9734325B1 (en) * 2013-12-09 2017-08-15 Forcepoint Federal Llc Hypervisor-based binding of data to cloud environment for improved security
US9740516B1 (en) 2011-01-13 2017-08-22 Google Inc. Virtual network protocol
US9769251B2 (en) * 2015-09-22 2017-09-19 International Business Machines Corporation Deployment of virtual machines
US9785492B1 (en) 2013-12-09 2017-10-10 Forcepoint Llc Technique for hypervisor-based firmware acquisition and analysis
TWI602078B (en) * 2012-03-15 2017-10-11 英特爾公司 Method, apparatus, medium and system for remote trust attestation and geo-location of servers and clients in cloud computing environments
US9792427B2 (en) * 2014-02-07 2017-10-17 Microsoft Technology Licensing, Llc Trusted execution within a distributed computing system
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
US9842002B2 (en) 2012-05-01 2017-12-12 Red Hat, Inc. Node selection for a new application in a multi-tenant cloud hosting environment
US20170357819A1 (en) * 2016-06-10 2017-12-14 Dark Matter L.L.C Peer-to-peer security protocol apparatus, computer program, and method
US20180011727A1 (en) * 2015-01-27 2018-01-11 Nec Corporation Virtualization system, server, terminal, virtualization method, and program recording medium
US9882901B2 (en) 2015-12-14 2018-01-30 International Business Machines Corporation End-to-end protection for shrouded virtual servers
US9910972B2 (en) 2012-01-30 2018-03-06 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
US9930066B2 (en) 2013-02-12 2018-03-27 Nicira, Inc. Infrastructure level LAN security
RU2648941C2 (en) * 2012-10-12 2018-03-28 Конинклейке Филипс Н.В. Secure data handling by virtual machine
US10019279B2 (en) 2015-12-17 2018-07-10 International Business Machines Corporation Transparent secure interception handling
US10037196B2 (en) * 2015-01-27 2018-07-31 Red Hat, Inc. Source to image framework for a platform-as-a-service system
US10055247B2 (en) 2014-04-18 2018-08-21 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US10057273B1 (en) * 2016-03-30 2018-08-21 EMC IP Holding Company LLC System and method for ensuring per tenant mutual exclusion of data and administrative entities with low latency and high scale
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US10121007B2 (en) 2014-02-21 2018-11-06 Intuit Inc. Method and system for providing a robust and efficient virtual asset vulnerability management and verification service
US10168949B1 (en) * 2018-06-14 2019-01-01 Rubrik, Inc. Envoy for multi-tenant compute infrastructure
US20190007378A1 (en) * 2017-06-28 2019-01-03 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US10229272B2 (en) 2014-10-13 2019-03-12 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
US10230529B2 (en) * 2015-07-31 2019-03-12 Microsft Technology Licensing, LLC Techniques to secure computation data in a computing environment
US10275267B1 (en) * 2012-10-22 2019-04-30 Amazon Technologies, Inc. Trust-based resource allocation
CN109729147A (en) * 2018-11-28 2019-05-07 国云科技股份有限公司 The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment
US10303879B1 (en) 2014-11-06 2019-05-28 Amazon Technologies, Inc. Multi-tenant trusted platform modules
US10318723B1 (en) * 2016-11-29 2019-06-11 Sprint Communications Company L.P. Hardware-trusted network-on-chip (NOC) and system-on-chip (SOC) network function virtualization (NFV) data communications
CN109964205A (en) * 2016-11-14 2019-07-02 微软技术许可有限责任公司 Security key management
US10346151B2 (en) * 2016-07-06 2019-07-09 CloudBolt Software Inc. Cloud computing resource orchestration
US10365953B2 (en) 2012-05-01 2019-07-30 Red Hat, Inc. Tracking and utilizing facts about a node of a multi-tenant cloud hosting environment
US20190281080A1 (en) * 2016-11-16 2019-09-12 Red Hat, Inc. Multi-tenant cloud security threat detection
WO2020060609A1 (en) * 2018-09-17 2020-03-26 Microsoft Technology Licensing, Llc Verifying a computing device after transport
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
US10798073B2 (en) 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption
US20210374234A1 (en) * 2020-05-28 2021-12-02 Red Hat, Inc. Using trusted execution environments to perform a communal operation for mutually-untrusted devices
US20210374232A1 (en) * 2020-05-28 2021-12-02 Red Hat, Inc. Data distribution using a trusted execution environment in an untrusted device
US11263294B2 (en) * 2017-07-21 2022-03-01 Oraclize Limited Apparatus and method for verificability /auditability of correct process execution on electronic platforms
US11288381B2 (en) 2019-07-19 2022-03-29 Eaglys Inc. Calculation device, calculation method, calculation program and calculation system
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US11323480B2 (en) * 2019-05-07 2022-05-03 Cisco Technology, Inc. Policy enforcement and introspection on an authentication system
US11431482B2 (en) * 2021-01-26 2022-08-30 Citrix Systems, Inc. Configuration of headless network appliances
US11521139B2 (en) 2012-09-24 2022-12-06 Amazon Technologies, Inc. Providing system resources with secure containment units
US11620719B2 (en) 2011-09-12 2023-04-04 Microsoft Technology Licensing, Llc Identifying unseen content of interest
US11848924B2 (en) 2020-10-12 2023-12-19 Red Hat, Inc. Multi-factor system-to-system authentication using secure execution environments
US11947659B2 (en) 2020-05-28 2024-04-02 Red Hat, Inc. Data distribution across multiple devices using a trusted execution environment in a mobile device

Families Citing this family (112)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8909928B2 (en) * 2010-06-02 2014-12-09 Vmware, Inc. Securing customer virtual machines in a multi-tenant cloud
US9736065B2 (en) 2011-06-24 2017-08-15 Cisco Technology, Inc. Level of hierarchy in MST for traffic localization and load balancing
US8908698B2 (en) 2012-01-13 2014-12-09 Cisco Technology, Inc. System and method for managing site-to-site VPNs of a cloud managed network
KR20130085617A (en) * 2012-01-20 2013-07-30 한국전자통신연구원 Mapping system and control methods for adaption of id/loc separation in data center of cloud computing
US9201704B2 (en) 2012-04-05 2015-12-01 Cisco Technology, Inc. System and method for migrating application virtual machines in a network environment
US10642636B2 (en) 2012-12-21 2020-05-05 Telefonaktiebolaget Lm Ericsson (Publ) Method and cloud management node for enabling a virtual machine
US9426154B2 (en) * 2013-03-14 2016-08-23 Amazon Technologies, Inc. Providing devices as a service
US9043439B2 (en) 2013-03-14 2015-05-26 Cisco Technology, Inc. Method for streaming packet captures from network access devices to a cloud server over HTTP
WO2014194494A1 (en) * 2013-06-05 2014-12-11 华为技术有限公司 Method, server, host and system for protecting data security
US20140366155A1 (en) * 2013-06-11 2014-12-11 Cisco Technology, Inc. Method and system of providing storage services in multiple public clouds
JP2015007827A (en) * 2013-06-24 2015-01-15 富士通株式会社 Communication control system, communication terminal device, authentication computer, and communication control method
US9998438B2 (en) * 2013-10-23 2018-06-12 Microsoft Technology Licensing, Llc Verifying the security of a remote server
US9401954B2 (en) 2013-11-06 2016-07-26 International Business Machines Corporation Scaling a trusted computing model in a globally distributed cloud environment
US9755858B2 (en) 2014-04-15 2017-09-05 Cisco Technology, Inc. Programmable infrastructure gateway for enabling hybrid cloud services in a network environment
US9473365B2 (en) 2014-05-08 2016-10-18 Cisco Technology, Inc. Collaborative inter-service scheduling of logical resources in cloud platforms
US10122605B2 (en) 2014-07-09 2018-11-06 Cisco Technology, Inc Annotation of network activity through different phases of execution
US10356651B2 (en) 2014-07-17 2019-07-16 Cirrent, Inc. Controlled connection of a wireless device to a network
US9942756B2 (en) * 2014-07-17 2018-04-10 Cirrent, Inc. Securing credential distribution
US10834592B2 (en) 2014-07-17 2020-11-10 Cirrent, Inc. Securing credential distribution
US10154409B2 (en) 2014-07-17 2018-12-11 Cirrent, Inc. Binding an authenticated user with a wireless device
US9825878B2 (en) 2014-09-26 2017-11-21 Cisco Technology, Inc. Distributed application framework for prioritizing network traffic using application priority awareness
US9853873B2 (en) 2015-01-10 2017-12-26 Cisco Technology, Inc. Diagnosis and throughput measurement of fibre channel ports in a storage area network environment
US9553721B2 (en) * 2015-01-30 2017-01-24 Qualcomm Incorporated Secure execution environment communication
US10050862B2 (en) 2015-02-09 2018-08-14 Cisco Technology, Inc. Distributed application framework that uses network and application awareness for placing data
US10708342B2 (en) 2015-02-27 2020-07-07 Cisco Technology, Inc. Dynamic troubleshooting workspaces for cloud and network management systems
US10037617B2 (en) 2015-02-27 2018-07-31 Cisco Technology, Inc. Enhanced user interface systems including dynamic context selection for cloud-based networks
US9900250B2 (en) 2015-03-26 2018-02-20 Cisco Technology, Inc. Scalable handling of BGP route information in VXLAN with EVPN control plane
US10382534B1 (en) 2015-04-04 2019-08-13 Cisco Technology, Inc. Selective load balancing of network traffic
US10222986B2 (en) 2015-05-15 2019-03-05 Cisco Technology, Inc. Tenant-level sharding of disks with tenant-specific storage modules to enable policies per tenant in a distributed storage system
US10476982B2 (en) 2015-05-15 2019-11-12 Cisco Technology, Inc. Multi-datacenter message queue
US11588783B2 (en) 2015-06-10 2023-02-21 Cisco Technology, Inc. Techniques for implementing IPV6-based distributed storage space
US9667606B2 (en) 2015-07-01 2017-05-30 Cyphermatrix, Inc. Systems, methods and computer readable medium to implement secured computational infrastructure for cloud and data center environments
US10034201B2 (en) 2015-07-09 2018-07-24 Cisco Technology, Inc. Stateless load-balancing across multiple tunnels
US10778765B2 (en) 2015-07-15 2020-09-15 Cisco Technology, Inc. Bid/ask protocol in scale-out NVMe storage
US10523646B2 (en) 2015-08-24 2019-12-31 Virtru Corporation Methods and systems for distributing encrypted cryptographic data
WO2017058222A1 (en) * 2015-09-30 2017-04-06 Hewlett Packard Enterprise Development Lp Data transfer requests
US10067780B2 (en) 2015-10-06 2018-09-04 Cisco Technology, Inc. Performance-based public cloud selection for a hybrid cloud environment
US11005682B2 (en) 2015-10-06 2021-05-11 Cisco Technology, Inc. Policy-driven switch overlay bypass in a hybrid cloud network environment
US10462136B2 (en) 2015-10-13 2019-10-29 Cisco Technology, Inc. Hybrid cloud security groups
US10523657B2 (en) 2015-11-16 2019-12-31 Cisco Technology, Inc. Endpoint privacy preservation with cloud conferencing
US10205677B2 (en) 2015-11-24 2019-02-12 Cisco Technology, Inc. Cloud resource placement optimization and migration execution in federated clouds
US10084703B2 (en) 2015-12-04 2018-09-25 Cisco Technology, Inc. Infrastructure-exclusive service forwarding
US9892075B2 (en) 2015-12-10 2018-02-13 Cisco Technology, Inc. Policy driven storage in a microserver computing environment
US10367914B2 (en) 2016-01-12 2019-07-30 Cisco Technology, Inc. Attaching service level agreements to application containers and enabling service assurance
WO2017131775A1 (en) * 2016-01-29 2017-08-03 Hewlett Packard Enterprise Development Lp Device attestation
US9916446B2 (en) * 2016-04-14 2018-03-13 Airwatch Llc Anonymized application scanning for mobile devices
US10140172B2 (en) 2016-05-18 2018-11-27 Cisco Technology, Inc. Network-aware storage repairs
US10129177B2 (en) 2016-05-23 2018-11-13 Cisco Technology, Inc. Inter-cloud broker for hybrid cloud networks
US20170351639A1 (en) 2016-06-06 2017-12-07 Cisco Technology, Inc. Remote memory access using memory mapped addressing among multiple compute nodes
US10447478B2 (en) * 2016-06-06 2019-10-15 Microsoft Technology Licensing, Llc Cryptographic applications for a blockchain system
US10664169B2 (en) 2016-06-24 2020-05-26 Cisco Technology, Inc. Performance of object storage system by reconfiguring storage devices based on latency that includes identifying a number of fragments that has a particular storage device as its primary storage device and another number of fragments that has said particular storage device as its replica storage device
US10659283B2 (en) 2016-07-08 2020-05-19 Cisco Technology, Inc. Reducing ARP/ND flooding in cloud environment
US10432532B2 (en) 2016-07-12 2019-10-01 Cisco Technology, Inc. Dynamically pinning micro-service to uplink port
US10382597B2 (en) 2016-07-20 2019-08-13 Cisco Technology, Inc. System and method for transport-layer level identification and isolation of container traffic
US10263898B2 (en) 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10142346B2 (en) 2016-07-28 2018-11-27 Cisco Technology, Inc. Extension of a private cloud end-point group to a public cloud
US10567344B2 (en) 2016-08-23 2020-02-18 Cisco Technology, Inc. Automatic firewall configuration based on aggregated cloud managed information
US11563695B2 (en) 2016-08-29 2023-01-24 Cisco Technology, Inc. Queue protection using a shared global memory reserve
US11323259B2 (en) * 2016-09-22 2022-05-03 Telefonaktiebolaget Lm Ericsson (Publ) Version control for trusted computing
US10523592B2 (en) 2016-10-10 2019-12-31 Cisco Technology, Inc. Orchestration system for migrating user data and services based on user information
US10608995B2 (en) 2016-10-24 2020-03-31 Nubeva, Inc. Optimizing data transfer costs for cloud-based security services
US10419394B2 (en) 2016-10-24 2019-09-17 Nubeva, Inc. Providing scalable cloud-based security services
US10530815B2 (en) 2016-10-24 2020-01-07 Nubeva, Inc. Seamless service updates for cloud-based security services
IE20170239A1 (en) 2016-11-14 2018-05-16 Google Llc System of Enclaves
US10366227B2 (en) * 2016-11-15 2019-07-30 International Business Machines Corporation Secure debugging in a trustable computing environment
US11044162B2 (en) 2016-12-06 2021-06-22 Cisco Technology, Inc. Orchestration of cloud and fog interactions
US10326817B2 (en) 2016-12-20 2019-06-18 Cisco Technology, Inc. System and method for quality-aware recording in large scale collaborate clouds
US10334029B2 (en) 2017-01-10 2019-06-25 Cisco Technology, Inc. Forming neighborhood groups from disperse cloud providers
US10545914B2 (en) 2017-01-17 2020-01-28 Cisco Technology, Inc. Distributed object storage
US10552191B2 (en) 2017-01-26 2020-02-04 Cisco Technology, Inc. Distributed hybrid cloud orchestration model
US10713077B2 (en) * 2017-01-26 2020-07-14 Semper Fortis Solutions, LLC Multiple single levels of security (MSLS) in a multi-tenant cloud
US10320683B2 (en) 2017-01-30 2019-06-11 Cisco Technology, Inc. Reliable load-balancer using segment routing and real-time application monitoring
US10671571B2 (en) 2017-01-31 2020-06-02 Cisco Technology, Inc. Fast network performance in containerized environments for network function virtualization
US10243823B1 (en) 2017-02-24 2019-03-26 Cisco Technology, Inc. Techniques for using frame deep loopback capabilities for extended link diagnostics in fibre channel storage area networks
US10713203B2 (en) 2017-02-28 2020-07-14 Cisco Technology, Inc. Dynamic partition of PCIe disk arrays based on software configuration / policy distribution
US10254991B2 (en) 2017-03-06 2019-04-09 Cisco Technology, Inc. Storage area network based extended I/O metrics computation for deep insight into application performance
US11005731B2 (en) 2017-04-05 2021-05-11 Cisco Technology, Inc. Estimating model parameters for automatic deployment of scalable micro services
US10439877B2 (en) 2017-06-26 2019-10-08 Cisco Technology, Inc. Systems and methods for enabling wide area multicast domain name system
US10382274B2 (en) 2017-06-26 2019-08-13 Cisco Technology, Inc. System and method for wide area zero-configuration network auto configuration
US10567359B2 (en) * 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms
US10303534B2 (en) 2017-07-20 2019-05-28 Cisco Technology, Inc. System and method for self-healing of application centric infrastructure fabric memory
US10425288B2 (en) 2017-07-21 2019-09-24 Cisco Technology, Inc. Container telemetry in data center environments with blade servers and switches
US10892940B2 (en) 2017-07-21 2021-01-12 Cisco Technology, Inc. Scalable statistics and analytics mechanisms in cloud networking
US10601693B2 (en) 2017-07-24 2020-03-24 Cisco Technology, Inc. System and method for providing scalable flow monitoring in a data center fabric
US10541866B2 (en) 2017-07-25 2020-01-21 Cisco Technology, Inc. Detecting and resolving multicast traffic performance issues
US10404596B2 (en) 2017-10-03 2019-09-03 Cisco Technology, Inc. Dynamic route profile storage in a hardware trie routing table
US10942666B2 (en) 2017-10-13 2021-03-09 Cisco Technology, Inc. Using network device replication in distributed storage clusters
US10353800B2 (en) 2017-10-18 2019-07-16 Cisco Technology, Inc. System and method for graph based monitoring and management of distributed systems
US11481362B2 (en) 2017-11-13 2022-10-25 Cisco Technology, Inc. Using persistent memory to enable restartability of bulk load transactions in cloud databases
US11036532B2 (en) * 2017-11-29 2021-06-15 Microsoft Technology Licensing, Llc Fast join and leave virtual network
US10705882B2 (en) 2017-12-21 2020-07-07 Cisco Technology, Inc. System and method for resource placement across clouds for data intensive workloads
US11595474B2 (en) 2017-12-28 2023-02-28 Cisco Technology, Inc. Accelerating data replication using multicast and non-volatile memory enabled nodes
US10511534B2 (en) 2018-04-06 2019-12-17 Cisco Technology, Inc. Stateless distributed load-balancing
US10728361B2 (en) 2018-05-29 2020-07-28 Cisco Technology, Inc. System for association of customer information across subscribers
US10904322B2 (en) 2018-06-15 2021-01-26 Cisco Technology, Inc. Systems and methods for scaling down cloud-based servers handling secure connections
US10764266B2 (en) 2018-06-19 2020-09-01 Cisco Technology, Inc. Distributed authentication and authorization for rapid scaling of containerized services
US11019083B2 (en) 2018-06-20 2021-05-25 Cisco Technology, Inc. System for coordinating distributed website analysis
US10819571B2 (en) 2018-06-29 2020-10-27 Cisco Technology, Inc. Network traffic optimization using in-situ notification system
US10735472B2 (en) 2018-07-10 2020-08-04 Cisco Technology, Inc. Container authorization policies for network trust
US10904342B2 (en) 2018-07-30 2021-01-26 Cisco Technology, Inc. Container networking using communication tunnels
US11531777B2 (en) * 2019-01-30 2022-12-20 Virtru Corporation Methods and systems for restricting data access based on properties of at least one of a process and a machine executing the process
US11238174B2 (en) * 2019-01-31 2022-02-01 Salesforce.Com, Inc. Systems and methods of database encryption in a multitenant database management system
US11570213B2 (en) * 2019-04-03 2023-01-31 Cisco Technology, Inc. Collaborative security for application layer encryption
US11809576B2 (en) 2020-01-30 2023-11-07 Red Hat, Inc. Establishing secure remote access to debug logs
JP6867718B1 (en) * 2020-02-20 2021-05-12 Eaglys株式会社 Information processing system, information processing device, information processing method, and information processing program
US11822641B2 (en) 2020-04-29 2023-11-21 Red Hat, Inc. Establishing controlled remote access to debug logs
US11507355B2 (en) 2020-07-20 2022-11-22 International Business Machines Corporation Enforcement of signatures for software deployment configuration
US11363095B1 (en) 2021-01-29 2022-06-14 Netskope, Inc. Policy-driven client and destination priority
US11159419B1 (en) 2021-01-29 2021-10-26 Netskope, Inc. Policy-driven data locality and residency
JP6962629B1 (en) * 2021-03-23 2021-11-05 Eaglys株式会社 Data sharing systems, data sharing methods, and data sharing programs
US11949680B2 (en) 2021-04-30 2024-04-02 Oracle International Corporation Framework for customer control and auditing of operator access to infrastructure in a cloud service
US11843619B1 (en) * 2022-10-07 2023-12-12 Uab 360 It Stateless system to enable data breach notification

Citations (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050283602A1 (en) * 2004-06-21 2005-12-22 Balaji Vembu Apparatus and method for protected execution of graphics applications
US7058807B2 (en) * 2002-04-15 2006-06-06 Intel Corporation Validation of inclusion of a platform within a data center
US20080083039A1 (en) * 2006-09-29 2008-04-03 Su Gil Choi Method for integrity attestation of a computing platform hiding its configuration information
US7392403B1 (en) * 2007-12-19 2008-06-24 International Business Machines Corporation Systems, methods and computer program products for high availability enhancements of virtual security module servers
US20080178176A1 (en) * 2007-01-19 2008-07-24 International Business Machines Corporation Architecture For Supporting Attestation Of A Virtual Machine In A Single Step
US20090178138A1 (en) * 2008-01-07 2009-07-09 Neocleus Israel Ltd. Stateless attestation system
US20090276774A1 (en) * 2008-05-01 2009-11-05 Junji Kinoshita Access control for virtual machines in an information system
US20090282266A1 (en) * 2008-05-08 2009-11-12 Microsoft Corporation Corralling Virtual Machines With Encryption Keys
US20090293058A1 (en) * 2008-05-22 2009-11-26 Samsung Electronics Co., Ltd. Virtual system and method of restricting use of contents in the virtual system
US20100017512A1 (en) * 2008-07-21 2010-01-21 International Business Machines Corporation Method and System For Improvements In or Relating to Off-Line Virtual Environments
US20100132016A1 (en) * 2008-11-26 2010-05-27 James Michael Ferris Methods and systems for securing appliances for use in a cloud computing environment
US7836299B2 (en) * 2005-03-15 2010-11-16 Microsoft Corporation Virtualization of software configuration registers of the TPM cryptographic processor
US20110022812A1 (en) * 2009-05-01 2011-01-27 Van Der Linden Rob Systems and methods for establishing a cloud bridge between virtual storage resources
US20110060947A1 (en) * 2009-09-09 2011-03-10 Zhexuan Song Hardware trust anchor
US20110061050A1 (en) * 2009-09-04 2011-03-10 Sahita Ravi L Methods and systems to provide platform extensions for trusted virtual machines
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
US20110179477A1 (en) * 2005-12-09 2011-07-21 Harris Corporation System including property-based weighted trust score application tokens for access control and related methods
US7987289B2 (en) * 2008-06-24 2011-07-26 Microsoft Corporation Participating in cloud as totally stubby edge
US20120042163A1 (en) * 2010-08-13 2012-02-16 International Business Machines Corporation Securely identifying host systems
US8132003B2 (en) * 2005-06-30 2012-03-06 Intel Corporation Secure platform voucher service for software components within an execution environment
US8161285B2 (en) * 2008-09-26 2012-04-17 Microsoft Corporation Protocol-Independent remote attestation and sealing
US20120110328A1 (en) * 2010-10-27 2012-05-03 High Cloud Security, Inc. System and Method For Secure Storage of Virtual Machines
US20120159634A1 (en) * 2010-12-15 2012-06-21 International Business Machines Corporation Virtual machine migration
US20120304233A1 (en) * 2011-05-27 2012-11-29 Verizon Patent And Licensing, Inc. Systems and methods for bridging and managing media content associated with separate media content networks
US8412945B2 (en) * 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US8538919B1 (en) * 2009-05-16 2013-09-17 Eric H. Nielsen System, method, and computer program for real time remote recovery of virtual computing machines
US8799997B2 (en) * 2011-04-18 2014-08-05 Bank Of America Corporation Secure network cloud architecture

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11175475A (en) * 1997-12-11 1999-07-02 Nippon Telegr & Teleph Corp <Ntt> Access control method and record medium for recording access control program
JP4812168B2 (en) * 1999-02-15 2011-11-09 ヒューレット・パッカード・カンパニー Trusted computing platform
US6757824B1 (en) * 1999-12-10 2004-06-29 Microsoft Corporation Client-side boot domains and boot rules
JP3630087B2 (en) * 2000-05-10 2005-03-16 日本電気株式会社 Automatic data processor
GB2376764B (en) 2001-06-19 2004-12-29 Hewlett Packard Co Multiple trusted computing environments
JP2005159905A (en) * 2003-11-27 2005-06-16 Ntt Docomo Inc Data storing device and communication terminal
US7565522B2 (en) * 2004-05-10 2009-07-21 Intel Corporation Methods and apparatus for integrity measurement of virtual machine monitor and operating system via secure launch
WO2008038386A1 (en) * 2006-09-28 2008-04-03 Fujitsu Limited Service providing device, service providing system, and service providing method
US8151262B2 (en) * 2007-03-30 2012-04-03 Lenovo (Singapore) Pte. Ltd. System and method for reporting the trusted state of a virtual machine
JP4782871B2 (en) * 2007-10-03 2011-09-28 富士通株式会社 Device access control program, device access control method, and information processing apparatus
CN101960464B (en) * 2008-02-25 2013-01-16 松下电器产业株式会社 Information processing device
US20100107160A1 (en) * 2008-10-29 2010-04-29 Novell, Inc. Protecting computing assets with virtualization
JP2011048661A (en) * 2009-08-27 2011-03-10 Nomura Research Institute Ltd Virtual server encryption system
US8909928B2 (en) * 2010-06-02 2014-12-09 Vmware, Inc. Securing customer virtual machines in a multi-tenant cloud

Patent Citations (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058807B2 (en) * 2002-04-15 2006-06-06 Intel Corporation Validation of inclusion of a platform within a data center
US20050283602A1 (en) * 2004-06-21 2005-12-22 Balaji Vembu Apparatus and method for protected execution of graphics applications
US7836299B2 (en) * 2005-03-15 2010-11-16 Microsoft Corporation Virtualization of software configuration registers of the TPM cryptographic processor
US8132003B2 (en) * 2005-06-30 2012-03-06 Intel Corporation Secure platform voucher service for software components within an execution environment
US20110179477A1 (en) * 2005-12-09 2011-07-21 Harris Corporation System including property-based weighted trust score application tokens for access control and related methods
US20080083039A1 (en) * 2006-09-29 2008-04-03 Su Gil Choi Method for integrity attestation of a computing platform hiding its configuration information
US7840801B2 (en) * 2007-01-19 2010-11-23 International Business Machines Corporation Architecture for supporting attestation of a virtual machine in a single step
US20080178176A1 (en) * 2007-01-19 2008-07-24 International Business Machines Corporation Architecture For Supporting Attestation Of A Virtual Machine In A Single Step
US7392403B1 (en) * 2007-12-19 2008-06-24 International Business Machines Corporation Systems, methods and computer program products for high availability enhancements of virtual security module servers
US8539551B2 (en) * 2007-12-20 2013-09-17 Fujitsu Limited Trusted virtual machine as a client
US20090178138A1 (en) * 2008-01-07 2009-07-09 Neocleus Israel Ltd. Stateless attestation system
US20090276774A1 (en) * 2008-05-01 2009-11-05 Junji Kinoshita Access control for virtual machines in an information system
US20090282266A1 (en) * 2008-05-08 2009-11-12 Microsoft Corporation Corralling Virtual Machines With Encryption Keys
US8364983B2 (en) * 2008-05-08 2013-01-29 Microsoft Corporation Corralling virtual machines with encryption keys
US20090293058A1 (en) * 2008-05-22 2009-11-26 Samsung Electronics Co., Ltd. Virtual system and method of restricting use of contents in the virtual system
US7987289B2 (en) * 2008-06-24 2011-07-26 Microsoft Corporation Participating in cloud as totally stubby edge
US20100017512A1 (en) * 2008-07-21 2010-01-21 International Business Machines Corporation Method and System For Improvements In or Relating to Off-Line Virtual Environments
US8161285B2 (en) * 2008-09-26 2012-04-17 Microsoft Corporation Protocol-Independent remote attestation and sealing
US20100132016A1 (en) * 2008-11-26 2010-05-27 James Michael Ferris Methods and systems for securing appliances for use in a cloud computing environment
US20110022812A1 (en) * 2009-05-01 2011-01-27 Van Der Linden Rob Systems and methods for establishing a cloud bridge between virtual storage resources
US8538919B1 (en) * 2009-05-16 2013-09-17 Eric H. Nielsen System, method, and computer program for real time remote recovery of virtual computing machines
US20110061050A1 (en) * 2009-09-04 2011-03-10 Sahita Ravi L Methods and systems to provide platform extensions for trusted virtual machines
US8505103B2 (en) * 2009-09-09 2013-08-06 Fujitsu Limited Hardware trust anchor
US20110060947A1 (en) * 2009-09-09 2011-03-10 Zhexuan Song Hardware trust anchor
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
US20120042163A1 (en) * 2010-08-13 2012-02-16 International Business Machines Corporation Securely identifying host systems
US20120110328A1 (en) * 2010-10-27 2012-05-03 High Cloud Security, Inc. System and Method For Secure Storage of Virtual Machines
US20120159634A1 (en) * 2010-12-15 2012-06-21 International Business Machines Corporation Virtual machine migration
US8799997B2 (en) * 2011-04-18 2014-08-05 Bank Of America Corporation Secure network cloud architecture
US20120304233A1 (en) * 2011-05-27 2012-11-29 Verizon Patent And Licensing, Inc. Systems and methods for bridging and managing media content associated with separate media content networks
US8412945B2 (en) * 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment

Cited By (235)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8255690B2 (en) * 2005-06-30 2012-08-28 Intel Corporation Apparatus and method for group session key and establishment using a certified migration key
US20090249073A1 (en) * 2005-06-30 2009-10-01 Wiseman Williard M Apparatus and method for group session key and establishment using a certified migration key
US9588803B2 (en) 2009-05-11 2017-03-07 Microsoft Technology Licensing, Llc Executing native-code applications in a browser
US10824716B2 (en) 2009-05-11 2020-11-03 Microsoft Technology Licensing, Llc Executing native-code applications in a browser
US9043933B2 (en) 2010-06-30 2015-05-26 International Business Machines Corporation Method of processing data to enable external storage thereof with minimized risk of information leakage
US9323921B2 (en) 2010-07-13 2016-04-26 Microsoft Technology Licensing, Llc Ultra-low cost sandboxing for application appliances
US20120239631A1 (en) * 2010-09-04 2012-09-20 International Business Machines Corporation Disk scrubbing
US8543556B2 (en) * 2010-09-04 2013-09-24 International Business Machines Corporation Disk scrubbing
US20120102572A1 (en) * 2010-10-20 2012-04-26 International Business Machines Corporation Node controller for an endpoint in a cloud computing environment
US8800055B2 (en) * 2010-10-20 2014-08-05 International Business Machines Corporation Node controller for an endpoint in a cloud computing environment
US9087196B2 (en) * 2010-12-24 2015-07-21 Intel Corporation Secure application attestation using dynamic measurement kernels
US10516655B1 (en) * 2010-12-29 2019-12-24 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
US9509503B1 (en) * 2010-12-29 2016-11-29 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
US9846778B1 (en) * 2010-12-29 2017-12-19 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
US9544137B1 (en) 2010-12-29 2017-01-10 Amazon Technologies, Inc. Encrypted boot volume access in resource-on-demand environments
US8874888B1 (en) 2011-01-13 2014-10-28 Google Inc. Managed boot in a cloud system
US9740516B1 (en) 2011-01-13 2017-08-22 Google Inc. Virtual network protocol
US9237087B1 (en) 2011-03-16 2016-01-12 Google Inc. Virtual machine name resolution
US9231933B1 (en) 2011-03-16 2016-01-05 Google Inc. Providing application programs with access to secured resources
US20140298439A1 (en) * 2011-04-18 2014-10-02 Bank Of America Corporation Trusted Hardware for Attesting to Authenticity in a Cloud Environment
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
US8984610B2 (en) * 2011-04-18 2015-03-17 Bank Of America Corporation Secure network cloud architecture
US9209979B2 (en) 2011-04-18 2015-12-08 Bank Of America Corporation Secure network cloud architecture
US9184918B2 (en) * 2011-04-18 2015-11-10 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
US8799997B2 (en) * 2011-04-18 2014-08-05 Bank Of America Corporation Secure network cloud architecture
US20120266231A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture
US8875240B2 (en) 2011-04-18 2014-10-28 Bank Of America Corporation Tenant data center for establishing a virtual machine in a cloud environment
US9100188B2 (en) 2011-04-18 2015-08-04 Bank Of America Corporation Hardware-based root of trust for cloud environments
US8839363B2 (en) 2011-04-18 2014-09-16 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
US10289435B2 (en) 2011-05-16 2019-05-14 Microsoft Technology Licensing, Llc Instruction set emulation for guest operating systems
US9495183B2 (en) 2011-05-16 2016-11-15 Microsoft Technology Licensing, Llc Instruction set emulation for guest operating systems
US20120324236A1 (en) * 2011-06-16 2012-12-20 Microsoft Corporation Trusted Snapshot Generation
US9075979B1 (en) 2011-08-11 2015-07-07 Google Inc. Authentication based on proximity to mobile device
US10212591B1 (en) 2011-08-11 2019-02-19 Google Llc Authentication based on proximity to mobile device
US9769662B1 (en) 2011-08-11 2017-09-19 Google Inc. Authentication based on proximity to mobile device
US8966198B1 (en) 2011-09-01 2015-02-24 Google Inc. Providing snapshots of virtual storage devices
US9501233B2 (en) 2011-09-01 2016-11-22 Google Inc. Providing snapshots of virtual storage devices
US9251234B1 (en) 2011-09-01 2016-02-02 Google Inc. Providing snapshots of virtual storage devices
US11620719B2 (en) 2011-09-12 2023-04-04 Microsoft Technology Licensing, Llc Identifying unseen content of interest
US8528101B1 (en) * 2011-09-20 2013-09-03 Amazon Technologies, Inc. Integrated physical security control system for computing resources
US8984651B1 (en) * 2011-09-20 2015-03-17 Amazon Technologies, Inc. Integrated physical security control system for computing resources
US8958293B1 (en) 2011-12-06 2015-02-17 Google Inc. Transparent load-balancing for cloud computing services
EP2791817A1 (en) * 2011-12-12 2014-10-22 Microsoft Corporation Cryptographic certification of secure hosted execution environments
US9413538B2 (en) 2011-12-12 2016-08-09 Microsoft Technology Licensing, Llc Cryptographic certification of secure hosted execution environments
US9425965B2 (en) 2011-12-12 2016-08-23 Microsoft Technology Licensing, Llc Cryptographic certification of secure hosted execution environments
CN103051451A (en) * 2011-12-12 2013-04-17 微软公司 Encryption authentication of security service execution environment
US9389933B2 (en) 2011-12-12 2016-07-12 Microsoft Technology Licensing, Llc Facilitating system service request interactions for hardware-protected applications
EP2791817A4 (en) * 2011-12-12 2014-10-22 Microsoft Corp Cryptographic certification of secure hosted execution environments
US9178698B1 (en) * 2011-12-21 2015-11-03 Google Inc. Dynamic key management
US9135460B2 (en) * 2011-12-22 2015-09-15 Microsoft Technology Licensing, Llc Techniques to store secret information for global data centers
US20130167200A1 (en) * 2011-12-22 2013-06-27 Microsoft Corporation Techniques to store secret information for global data centers
US20130173900A1 (en) * 2011-12-28 2013-07-04 Huawei Technologies Co., Ltd. Key transmission method and device of a virtual machine under full disk encryption during pre-boot
US9317316B2 (en) * 2011-12-28 2016-04-19 Huawei Technologies Co., Ltd. Host virtual machine assisting booting of a fully-encrypted user virtual machine on a cloud environment
US8800009B1 (en) 2011-12-30 2014-08-05 Google Inc. Virtual machine service access
US9652272B2 (en) 2012-01-26 2017-05-16 Empire Technology Development Llc Activating continuous world switch security for tasks to allow world switches between virtual machines executing the tasks
US8789047B2 (en) * 2012-01-26 2014-07-22 Empire Technology Development Llc Allowing world switches between virtual machines via hypervisor world switch security setting
US20130198743A1 (en) * 2012-01-26 2013-08-01 Empire Technology Development Llc Data center with continuous world switch security
US9774602B2 (en) 2012-01-30 2017-09-26 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
CN104081407A (en) * 2012-01-30 2014-10-01 英特尔公司 Remote trust attestation and geo-location of servers and clients in cloud computing environments
US20130198797A1 (en) * 2012-01-30 2013-08-01 Yeluri Raghuram Remote trust attestation and geo-location of servers and clients in cloud computing environments
US9910972B2 (en) 2012-01-30 2018-03-06 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
EP2810209A4 (en) * 2012-01-30 2015-09-23 Intel Corp Remote trust attestation and geo-location of servers and clients in cloud computing environments
EP3570195A1 (en) * 2012-01-30 2019-11-20 INTEL Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
WO2013116214A1 (en) * 2012-01-30 2013-08-08 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
US9256742B2 (en) * 2012-01-30 2016-02-09 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
US9473472B1 (en) 2012-02-02 2016-10-18 Trend Micro Inc. Enterprise cloud security gateway
US8938611B1 (en) * 2012-02-02 2015-01-20 Trend Micro, Inc. Enterprise cloud security gateway
US20130227085A1 (en) * 2012-02-24 2013-08-29 Pantech Co., Ltd. Terminal and method for using cloud services
US9038128B2 (en) * 2012-02-29 2015-05-19 Red Hat, Inc. Applying security category labels to multi-tenant applications of a node in a platform-as-a-service environment
US9058198B2 (en) 2012-02-29 2015-06-16 Red Hat Inc. System resource sharing in a multi-tenant platform-as-a-service environment in a cloud computing system
US20130227561A1 (en) * 2012-02-29 2013-08-29 Daniel J. Walsh Mechanism for Applying a Custom Security Type Label to Multi-Tenant Applications of a Node in a Platform-as-a-Service (PaaS) Environment
US20130227635A1 (en) * 2012-02-29 2013-08-29 Daniel J. Walsh Mechanism for Applying Security Category Labels to Multi-Tenant Applications of a Node in a Platform-as-a-Service (PaaS) Environment
US9720668B2 (en) 2012-02-29 2017-08-01 Red Hat, Inc. Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system
US9047107B2 (en) * 2012-02-29 2015-06-02 Red Hat, Inc. Applying a custom security type label to multi-tenant applications of a node in a platform-as-a-service environment
TWI602078B (en) * 2012-03-15 2017-10-11 英特爾公司 Method, apparatus, medium and system for remote trust attestation and geo-location of servers and clients in cloud computing environments
US11882154B2 (en) * 2012-03-19 2024-01-23 Amazon Technologies, Inc. Template representation of security resources
US20160269446A1 (en) * 2012-03-19 2016-09-15 Amazon Technologies, Inc. Template representation of security resources
US10255110B2 (en) 2012-05-01 2019-04-09 Red Hat, Inc. Node selection for a new application in a multi-tenant cloud hosting environment
US8850514B2 (en) 2012-05-01 2014-09-30 Red Hat, Inc. Cartridges in a multi-tenant platforms-as-a-service (PaaS) system implemented in a cloud computing environment
US9842002B2 (en) 2012-05-01 2017-12-12 Red Hat, Inc. Node selection for a new application in a multi-tenant cloud hosting environment
US9665411B2 (en) 2012-05-01 2017-05-30 Red Hat, Inc. Communication between a server orchestration system and a messaging system
US9245111B2 (en) 2012-05-01 2016-01-26 Red Hat, Inc. Owner command execution in a multi-tenant cloud hosting environment
US10365953B2 (en) 2012-05-01 2019-07-30 Red Hat, Inc. Tracking and utilizing facts about a node of a multi-tenant cloud hosting environment
US9317325B2 (en) 2012-05-01 2016-04-19 Red Hat, Inc. Application idling in a multi-tenant cloud-based application hosting environment
US9330102B2 (en) 2012-05-01 2016-05-03 Red Hat, Inc. Multi-tenant platform-as-a-service (PaaS) system implemented in a cloud computing environment
WO2013174437A1 (en) * 2012-05-24 2013-11-28 Telefonaktiebolaget L M Ericsson (Publ) Enhanced secure virtual machine provisioning
US8832820B2 (en) 2012-06-25 2014-09-09 International Business Machines Corporation Isolation and security hardening among workloads in a multi-tenant networked environment
US20140007087A1 (en) * 2012-06-29 2014-01-02 Mark Scott-Nash Virtual trusted platform module
US10162952B2 (en) 2012-07-06 2018-12-25 International Business Machines Corporation Security model for network information service
US9922181B2 (en) 2012-07-06 2018-03-20 International Business Machines Corporation Security model for network information service
US9710626B2 (en) 2012-07-06 2017-07-18 International Business Machines Corporation Security model for network information service
CN102739689A (en) * 2012-07-16 2012-10-17 四川师范大学 File data transmission device and method used for cloud storage system
US9692858B2 (en) 2012-07-17 2017-06-27 International Business Machines Corporation Security model for a memory of a network information system
US8922224B2 (en) 2012-08-07 2014-12-30 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Snoop detection on calibrated bus
US9405593B2 (en) 2012-09-06 2016-08-02 Red Hat, Inc. Scaling of application resources in a multi-tenant platform-as-a-service environment in a cloud computing system
US20140075432A1 (en) * 2012-09-07 2014-03-13 Michael P. McGrath Mechanism for Application Partitioning in a Multi-Tenant Platform-as-a-Service (PaaS) Environment in a Cloud Computing System
US9009704B2 (en) * 2012-09-07 2015-04-14 Red Hat, Inc. Application partitioning in a multi-tenant platform-as-a-service environment in a cloud computing system
US11521139B2 (en) 2012-09-24 2022-12-06 Amazon Technologies, Inc. Providing system resources with secure containment units
US9252946B2 (en) 2012-09-27 2016-02-02 Intel Corporation Method and system to securely migrate and provision virtual machine images and content
US8924720B2 (en) * 2012-09-27 2014-12-30 Intel Corporation Method and system to securely migrate and provision virtual machine images and content
RU2648941C2 (en) * 2012-10-12 2018-03-28 Конинклейке Филипс Н.В. Secure data handling by virtual machine
US11086648B1 (en) 2012-10-22 2021-08-10 Amazon Technologies, Inc. Trust-based resource allocation
US10275267B1 (en) * 2012-10-22 2019-04-30 Amazon Technologies, Inc. Trust-based resource allocation
US10255569B2 (en) 2012-11-19 2019-04-09 International Business Machines Corporation Managing assets
US10586187B2 (en) 2012-11-19 2020-03-10 International Business Machines Corporation Managing assets
US20140143293A1 (en) * 2012-11-19 2014-05-22 International Business Machines Corporation Managing Assets
US10115066B2 (en) * 2012-11-19 2018-10-30 International Business Machines Corporation Managing assets
US9698988B2 (en) 2012-11-22 2017-07-04 Huawei Technologies Co., Ltd. Management control method, apparatus, and system for virtual machine
JP2016506107A (en) * 2012-11-22 2016-02-25 華為技術有限公司Huawei Technologies Co.,Ltd. Management control method, apparatus and system for virtual machine
US9088549B2 (en) 2013-01-15 2015-07-21 International Business Machines Corporation Securing sensitive information in a network cloud
US9059973B2 (en) 2013-01-15 2015-06-16 International Business Machines Corporation Securing sensitive information in a network cloud
US10771505B2 (en) 2013-02-12 2020-09-08 Nicira, Inc. Infrastructure level LAN security
US9930066B2 (en) 2013-02-12 2018-03-27 Nicira, Inc. Infrastructure level LAN security
US11411995B2 (en) 2013-02-12 2022-08-09 Nicira, Inc. Infrastructure level LAN security
US11743292B2 (en) 2013-02-12 2023-08-29 Nicira, Inc. Infrastructure level LAN security
US20140258235A1 (en) * 2013-03-05 2014-09-11 VCE Company LLC Method to provide user domain management of snapshots for virtual desktops using centralized portal
US20140281509A1 (en) * 2013-03-15 2014-09-18 Novell, Inc. Techniques for secure data extraction in a virtual or cloud environment
US10454902B2 (en) * 2013-03-15 2019-10-22 Netiq Corporation Techniques for secure data extraction in a virtual or cloud environment
US9514313B2 (en) * 2013-03-15 2016-12-06 Netiq Corporation Techniques for secure data extraction in a virtual or cloud environment
US20170180331A1 (en) * 2013-03-15 2017-06-22 Netiq Corporation Techniques for secure data extraction in a virtual or cloud environment
JP2016511610A (en) * 2013-03-15 2016-04-14 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Key management method, apparatus, computer program product, and cloud computing infrastructure in a multi-tenant computing infrastructure (key management in a multi-tenant environment)
JP2014192639A (en) * 2013-03-26 2014-10-06 Fujitsu Fsas Inc Terminal device and determination method
US9426155B2 (en) 2013-04-18 2016-08-23 International Business Machines Corporation Extending infrastructure security to services in a cloud computing environment
US9104798B2 (en) 2013-05-03 2015-08-11 International Business Machines Corporation Enabling remote debugging of virtual machines running in a cloud environment
US9292412B2 (en) 2013-05-03 2016-03-22 Globalfoundries Inc. Enabling remote debugging of virtual machines running in a cloud environment
WO2014185845A1 (en) * 2013-05-13 2014-11-20 Telefonaktiebolaget L M Ericsson (Publ) Procedure for platform enforced secure storage in infrastructure clouds
US10230738B2 (en) 2013-05-13 2019-03-12 Telefonaktiebolaget Lm Ericsson (Publ) Procedure for platform enforced secure storage in infrastructure clouds
WO2015047285A1 (en) * 2013-09-27 2015-04-02 Intel Corporation Protection scheme for remotely-stored data
US9852299B2 (en) 2013-09-27 2017-12-26 Intel Corporation Protection scheme for remotely-stored data
US10686837B2 (en) * 2013-10-25 2020-06-16 Xi'an Zhongxing New Software Co., Ltd. Method and device for customizing security service
US20160248811A1 (en) * 2013-10-25 2016-08-25 Zte Corporation Method and device for customizing security service
US20150121369A1 (en) * 2013-10-31 2015-04-30 Vmware, Inc. Guarded virtual machines
US9798561B2 (en) * 2013-10-31 2017-10-24 Vmware, Inc. Guarded virtual machines
AU2014342834B2 (en) * 2013-11-01 2019-12-05 Intuit Inc. Method and system for validating a virtual asset
EP3063690A4 (en) * 2013-11-01 2017-06-07 Intuit Inc. Method and system for validating a virtual asset
US9734325B1 (en) * 2013-12-09 2017-08-15 Forcepoint Federal Llc Hypervisor-based binding of data to cloud environment for improved security
US9696940B1 (en) 2013-12-09 2017-07-04 Forcepoint Federal Llc Technique for verifying virtual machine integrity using hypervisor-based memory snapshots
US9785492B1 (en) 2013-12-09 2017-10-10 Forcepoint Llc Technique for hypervisor-based firmware acquisition and analysis
US9519498B2 (en) 2013-12-24 2016-12-13 Microsoft Technology Licensing, Llc Virtual machine assurances
US10360062B2 (en) 2014-02-03 2019-07-23 Intuit Inc. System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment
US9792427B2 (en) * 2014-02-07 2017-10-17 Microsoft Technology Licensing, Llc Trusted execution within a distributed computing system
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
US10121007B2 (en) 2014-02-21 2018-11-06 Intuit Inc. Method and system for providing a robust and efficient virtual asset vulnerability management and verification service
US20150244716A1 (en) * 2014-02-24 2015-08-27 Amazon Technologies, Inc. Securing client-specified credentials at cryptograpically attested resources
EP3111618A4 (en) * 2014-02-24 2017-10-25 Amazon Technologies, Inc. Securing client-specified credentials at cryptographically attested resources
CN106105146A (en) * 2014-02-24 2016-11-09 亚马逊科技公司 Prove that Energy Resources Service's protection client specifies voucher at password
US10389709B2 (en) * 2014-02-24 2019-08-20 Amazon Technologies, Inc. Securing client-specified credentials at cryptographically attested resources
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US10055247B2 (en) 2014-04-18 2018-08-21 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US10176095B2 (en) 2014-05-05 2019-01-08 Microsoft Technology Licensing, Llc Secure management of operations on protected virtual machines
US9578017B2 (en) 2014-05-05 2017-02-21 Microsoft Technology Licensing, Llc Secure management of operations on protected virtual machines
US9652631B2 (en) 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US20150358294A1 (en) * 2014-06-05 2015-12-10 Cavium, Inc. Systems and methods for secured hardware security module communication with web service hosts
US20150358311A1 (en) * 2014-06-05 2015-12-10 Cavium, Inc. Systems and methods for secured key management via hardware security module for cloud-based web services
US20150358313A1 (en) * 2014-06-05 2015-12-10 Cavium, Inc. Systems and methods for secured communication hardware security module and network-enabled devices
US20160028551A1 (en) * 2014-06-05 2016-01-28 Cavium, Inc. Systems and methods for hardware security module as certificate authority for network-enabled devices
US9537738B2 (en) 2014-06-27 2017-01-03 Intel Corporation Reporting platform information using a secure agent
WO2015200606A1 (en) * 2014-06-27 2015-12-30 Intel Corporation Reporting platform information using a secure agent
US10747888B2 (en) * 2014-06-30 2020-08-18 Nicira, Inc. Method and apparatus for differently encrypting data messages for different logical networks
CN106575338A (en) * 2014-06-30 2017-04-19 Nicira股份有限公司 Encryption architecture
US9792447B2 (en) * 2014-06-30 2017-10-17 Nicira, Inc. Method and apparatus for differently encrypting different flows
US10445509B2 (en) * 2014-06-30 2019-10-15 Nicira, Inc. Encryption architecture
US20150381578A1 (en) * 2014-06-30 2015-12-31 Nicira, Inc. Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks
US9613218B2 (en) * 2014-06-30 2017-04-04 Nicira, Inc. Encryption system in a virtualized environment
US9553850B2 (en) 2014-06-30 2017-01-24 International Business Machines Corporation Multi-tenant secure separation of data in a cloud-based application
US11087006B2 (en) 2014-06-30 2021-08-10 Nicira, Inc. Method and apparatus for encrypting messages based on encryption group association
US9917818B2 (en) 2014-06-30 2018-03-13 International Business Machines Corporation Multi-tenant secure separation of data in a cloud-based application
US9509718B1 (en) * 2014-07-17 2016-11-29 Sprint Communications Company L.P. Network-attached storage solution for application servers
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US9984227B2 (en) 2014-09-17 2018-05-29 International Business Machines Corporation Hypervisor and virtual machine protection
US9652276B2 (en) * 2014-09-17 2017-05-16 International Business Machines Corporation Hypervisor and virtual machine protection
US20160078212A1 (en) * 2014-09-17 2016-03-17 International Business Machines Corporation Hypervisor and virtual machine protection
US10409978B2 (en) 2014-09-17 2019-09-10 International Business Machines Corporation Hypervisor and virtual machine protection
US9584317B2 (en) 2014-10-13 2017-02-28 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
US10229272B2 (en) 2014-10-13 2019-03-12 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
US9407612B2 (en) * 2014-10-31 2016-08-02 Intel Corporation Technologies for secure inter-virtual network function communication
USRE48411E1 (en) * 2014-10-31 2021-01-26 Intel Corporation Technologies for secure inter-virtual network function communication
US10303879B1 (en) 2014-11-06 2019-05-28 Amazon Technologies, Inc. Multi-tenant trusted platform modules
US10181037B2 (en) 2014-11-14 2019-01-15 Microsoft Technology Licensing, Llc Secure creation of encrypted virtual machines from encrypted templates
US9519787B2 (en) * 2014-11-14 2016-12-13 Microsoft Technology Licensing, Llc Secure creation of encrypted virtual machines from encrypted templates
US20160179624A1 (en) * 2014-12-17 2016-06-23 Airwatch Llc Expedited Device Backup, Wipe, and Enrollment
US10956383B2 (en) 2014-12-17 2021-03-23 Airwatch Llc Device backup and wipe
US9979704B2 (en) * 2014-12-17 2018-05-22 Cisco Technology, Inc. End-to-end security for virtual private service chains
US10152383B2 (en) * 2014-12-17 2018-12-11 Airwatch Llc Expedited device backup, wipe, and enrollment
US20160182458A1 (en) * 2014-12-17 2016-06-23 Cisco Technology, Inc. End-to-end security for virtual private service chains
US10037196B2 (en) * 2015-01-27 2018-07-31 Red Hat, Inc. Source to image framework for a platform-as-a-service system
US20180011727A1 (en) * 2015-01-27 2018-01-11 Nec Corporation Virtualization system, server, terminal, virtualization method, and program recording medium
CN104615551A (en) * 2015-02-09 2015-05-13 联想(北京)有限公司 Information processing method and electronic device
WO2017005276A1 (en) 2015-07-03 2017-01-12 Telefonaktiebolaget Lm Ericsson (Publ) Virtual machine integrity
US10230529B2 (en) * 2015-07-31 2019-03-12 Microsft Technology Licensing, LLC Techniques to secure computation data in a computing environment
US9673982B2 (en) 2015-09-16 2017-06-06 Sprint Communications Company L.P. Efficient hardware trust verification in data communication systems that comprise network interface cards, central processing units, and data memory buffers
US9864856B2 (en) 2015-09-16 2018-01-09 Sprint Communications Company L.P. Efficient hardware trust verification in data communication systems that comprise network interface cards, central processing units, and data memory buffers
US9848039B2 (en) * 2015-09-22 2017-12-19 International Business Machines Corporation Deployment of virtual machines
US9769251B2 (en) * 2015-09-22 2017-09-19 International Business Machines Corporation Deployment of virtual machines
CN108140087A (en) * 2015-09-28 2018-06-08 微软技术许可有限责任公司 Use the multi-tenant environment of the trust boundaries component of pre-read
WO2017058918A1 (en) * 2015-09-28 2017-04-06 Microsoft Technology Licensing, Llc Multi-tenant environment using pre-readied trust boundary components
US10389746B2 (en) 2015-09-28 2019-08-20 Microsoft Technology Licensing, Llc Multi-tenant environment using pre-readied trust boundary components
US9882901B2 (en) 2015-12-14 2018-01-30 International Business Machines Corporation End-to-end protection for shrouded virtual servers
US10019279B2 (en) 2015-12-17 2018-07-10 International Business Machines Corporation Transparent secure interception handling
US9841987B2 (en) 2015-12-17 2017-12-12 International Business Machines Corporation Transparent secure interception handling
US10838755B2 (en) 2015-12-17 2020-11-17 International Business Machines Corporation Transparent secure interception handling
US10057273B1 (en) * 2016-03-30 2018-08-21 EMC IP Holding Company LLC System and method for ensuring per tenant mutual exclusion of data and administrative entities with low latency and high scale
CN105933300A (en) * 2016-04-14 2016-09-07 郭剑锋 Safety management method and device
US10754968B2 (en) * 2016-06-10 2020-08-25 Digital 14 Llc Peer-to-peer security protocol apparatus, computer program, and method
US20170357819A1 (en) * 2016-06-10 2017-12-14 Dark Matter L.L.C Peer-to-peer security protocol apparatus, computer program, and method
US10346151B2 (en) * 2016-07-06 2019-07-09 CloudBolt Software Inc. Cloud computing resource orchestration
US10798073B2 (en) 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption
US11533301B2 (en) 2016-08-26 2022-12-20 Nicira, Inc. Secure key management protocol for distributed network encryption
CN109964205A (en) * 2016-11-14 2019-07-02 微软技术许可有限责任公司 Security key management
US10439803B2 (en) 2016-11-14 2019-10-08 Microsoft Technology Licensing, Llc Secure key management
US10819728B2 (en) * 2016-11-16 2020-10-27 Red Hat, Inc. Multi-tenant cloud security threat detection
US20210058419A1 (en) * 2016-11-16 2021-02-25 Red Hat, Inc. Multi-tenant cloud security threat detection
US11689552B2 (en) * 2016-11-16 2023-06-27 Red Hat, Inc. Multi-tenant cloud security threat detection
US20190281080A1 (en) * 2016-11-16 2019-09-12 Red Hat, Inc. Multi-tenant cloud security threat detection
US10318723B1 (en) * 2016-11-29 2019-06-11 Sprint Communications Company L.P. Hardware-trusted network-on-chip (NOC) and system-on-chip (SOC) network function virtualization (NFV) data communications
US10719601B2 (en) * 2016-11-29 2020-07-21 Sprint Communications Company L.P. Hardware-trusted network function virtualization (NFV) data communications
US20190007378A1 (en) * 2017-06-28 2019-01-03 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US10771439B2 (en) * 2017-06-28 2020-09-08 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US11263294B2 (en) * 2017-07-21 2022-03-01 Oraclize Limited Apparatus and method for verificability /auditability of correct process execution on electronic platforms
US11281393B2 (en) * 2018-06-14 2022-03-22 Rubrik, Inc. Envoy for multi-tenant compute infrastructure
US11461034B2 (en) * 2018-06-14 2022-10-04 Rubrik, Inc. Envoy for multi-tenant compute infrastructure
US20190384496A1 (en) * 2018-06-14 2019-12-19 Rubrik,Inc. Envoy for multi-tenant compute infrastructure
US20190384494A1 (en) * 2018-06-14 2019-12-19 Rubrik Inc. Envoy for multi-tenant compute infrastructure
US10168949B1 (en) * 2018-06-14 2019-01-01 Rubrik, Inc. Envoy for multi-tenant compute infrastructure
WO2020060609A1 (en) * 2018-09-17 2020-03-26 Microsoft Technology Licensing, Llc Verifying a computing device after transport
US11310050B2 (en) 2018-09-17 2022-04-19 Microsoft Technology Licensing, Llc Verifying a computing device after transport
CN109729147A (en) * 2018-11-28 2019-05-07 国云科技股份有限公司 The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment
US11323480B2 (en) * 2019-05-07 2022-05-03 Cisco Technology, Inc. Policy enforcement and introspection on an authentication system
US11288381B2 (en) 2019-07-19 2022-03-29 Eaglys Inc. Calculation device, calculation method, calculation program and calculation system
US20210374232A1 (en) * 2020-05-28 2021-12-02 Red Hat, Inc. Data distribution using a trusted execution environment in an untrusted device
US20210374234A1 (en) * 2020-05-28 2021-12-02 Red Hat, Inc. Using trusted execution environments to perform a communal operation for mutually-untrusted devices
US11947659B2 (en) 2020-05-28 2024-04-02 Red Hat, Inc. Data distribution across multiple devices using a trusted execution environment in a mobile device
US11848924B2 (en) 2020-10-12 2023-12-19 Red Hat, Inc. Multi-factor system-to-system authentication using secure execution environments
US11431482B2 (en) * 2021-01-26 2022-08-30 Citrix Systems, Inc. Configuration of headless network appliances
US11831758B2 (en) 2021-01-26 2023-11-28 Citrix Systems, Inc. Configuration of headless network appliances

Also Published As

Publication number Publication date
JP2013528872A (en) 2013-07-11
JP6100834B2 (en) 2017-03-22
EP2577539A1 (en) 2013-04-10
AU2011261831A1 (en) 2012-10-25
US8909928B2 (en) 2014-12-09
AU2011261831B2 (en) 2014-03-20
EP2577539B1 (en) 2018-12-19
WO2011152910A1 (en) 2011-12-08
JP2015181045A (en) 2015-10-15

Similar Documents

Publication Publication Date Title
US8909928B2 (en) Securing customer virtual machines in a multi-tenant cloud
US11394548B2 (en) Secure provisioning of operating systems
US10409985B2 (en) Trusted computing host
KR102110273B1 (en) Chain security systems
US9559842B2 (en) Trusted key management for virtualized platforms
US9055052B2 (en) Method and system for improving storage security in a cloud computing environment
EP3111618B1 (en) Securing client-specified credentials at cryptographically attested resources
US8108668B2 (en) Associating a multi-context trusted platform module with distributed platforms
US8676710B2 (en) Providing security in a cloud storage environment
US20180013552A1 (en) Validating using an offload device security component
KR101791768B1 (en) Configuration and verification by trusted provider
US11288377B1 (en) Virtual machine-based trusted execution environment
AU2018201934A1 (en) Network based management of protected data sets
US20220222098A1 (en) Secure storage of workload attestation reports in a virtualized and clustered computer system
TW202307712A (en) Attestation of a secure guest
Pedone et al. Trusted computing technology and proposals for resolving cloud computing security problems
Tolnai et al. Securing the Cloud's Core Virtual Infrastructure
Ozga et al. Wawel: Architecture for Scalable Attestation of Heterogeneous Virtual Execution Environments
Julian Cellar: Securing Data for Twister
Almantsri et al. Cellar: Securing Data for Twister
Sadeghi Property-Based Attestation Approach and Virtual TPM

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8